tsunami

log in
history

Pyramid gotchas

Luke Breuer
2014-01-16 00:20 UTC

AttributeError inside __acl__ is silently squashed

https://github.com/mmerickel/pyramid_auth_demo/blob/master/2.object_security/demo.py#L36
class Page(object):
    @property
    def __acl__(self):
        return [
            (Allow, self.owner, 'edit'),
            (Allow, 'g:editor', 'edit'),
        ]

    def __init__(self, title, uri, body, owner):
        self.title = title
        self.uri = uri
        self.body = body
        self.owner = owner

Because __acl__ is checked in Pyramid's authorization.py in this way:
        for location in lineage(context):
            try:
                acl = location.__acl__
            except AttributeError:
                continue

If AttributeError is thrown inside of __acl__, it will get trapped as the entity not having an ACL. This is not so good!
TypeError: filter_by() takes exactly 1 argument (2 given)
    @classmethod
    def by_id(cls, userid):
        return DBSession.query(Person).filter_by(id==userid).one()

vs.
    @classmethod
    def by_id(cls, userid):
        return DBSession.query(Person).filter_by(id=userid).one()

In case you don't see it, I wrote id==userid instead of id=userid, as I was used to C# LINQ querying.