jahlborn/appengine-rest-server

The server runs ok but the authorizer class you provided doesn't seem to work. I can still access my model without login.

Closed this issue · 7 comments

What steps will reproduce the problem?
1.
2.
3.

What is the expected output? What do you see instead?


What version of the product are you using? On what operating system?


Please provide any additional information below.


Original issue reported on code.google.com by achachiez on 3 Jul 2012 at 9:43

which authorizer?  what does your setup code look like?  which version are you 
using?

Original comment by jahlborn@gmail.com on 4 Jul 2012 at 1:13

Here is the whole of my main.py. I expect to get a 404 error but still I can 
receive results. I'm using version 1.0.6

Original comment by achachiez on 4 Jul 2012 at 5:27

Attachments:

[deleted comment]
The example authorizer here 
http://code.google.com/p/appengine-rest-server/wiki/ExampleAuthorizer does not 
work as you could expect, since it allows unauthorized writes even though it 
leaves the owner field blank. I have attached an improved version that will 
return a 404 if a read or write request is unauthorized. Hope this helps 
somebody.

Original comment by achachiez on 4 Jul 2012 at 8:36

Attachments:

first, your version does not stop writes if the owner is blank (i'm assuming 
that's what you are attempting to do, but your can_write() method does not 
throw an exception if the owner is blank).

second, the Authorizer class is not responsible for requiring that a user is 
valid.  that is the job of the Authenticator.  you should be using an 
Authenticator which requires the current user to be valid.  

Original comment by jahlborn@gmail.com on 4 Jul 2012 at 1:17
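
The authenticator/authorizer split described in the comment above, as an added example that is not part of the original thread or the project's code. All class names, the `handle` function and the 401 status are assumptions made for this sketch, not the appengine-rest-server API; the records are constructed sample data.

```python
class Denied(Exception):
    """Aborts a request with an HTTP status (stand-in for the framework's error path)."""
    def __init__(self, status):
        super().__init__(status)
        self.status = status

class AllowAnyone:
    """Authenticator that never rejects: anonymous requests (user=None) pass."""
    def authenticate(self, user):
        pass

class RequireUser:
    """Authenticator that requires a valid current user."""
    def authenticate(self, user):
        if user is None:
            raise Denied(401)  # status chosen for this example

class NaiveOwnerAuthorizer:
    """Only compares owner to user, so a blank owner matches an anonymous user."""
    def can_read(self, user, record):
        if record.get("owner") != user:
            raise Denied(404)
    can_write = can_read

class StrictOwnerAuthorizer(NaiveOwnerAuthorizer):
    """Additionally rejects any record whose owner is blank."""
    def can_read(self, user, record):
        if not record.get("owner"):
            raise Denied(404)
        super().can_read(user, record)
    can_write = can_read

def handle(method, user, record, authenticator, authorizer):
    """Return the status a request would get: authenticate first, then authorize."""
    try:
        authenticator.authenticate(user)
        check = authorizer.can_read if method == "GET" else authorizer.can_write
        check(user, record)
    except Denied as denied:
        return denied.status
    return 200

if __name__ == "__main__":
    blank = {"owner": None}  # constructed record with no owner set
    print(handle("PUT", None, blank, AllowAnyone(), NaiveOwnerAuthorizer()))
    print(handle("PUT", None, blank, RequireUser(), StrictOwnerAuthorizer()))
```

The first call returns 200 because `None != None` is false, which is why an owner comparison alone cannot stand in for requiring a logged-in user.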

Thanks a lot I finally got it working.

Original comment by achachiez on 4 Jul 2012 at 7:14

Original comment by jahlborn@gmail.com on 4 Jul 2012 at 7:55

  • Changed state: Invalid