I was have been trying to implement acl for services in cornice without any luck. I've tried using the example given in the tests from this url:
I basically just did copy paste of the following code and changed the acl to always deny permission:
def my_acl(request):
return [DENY_ALL]
service = Service(name="service", path="/service", acl=my_acl)
@service.get()
def return_404(request):
raise HTTPNotFound()
@service.put(permission='update')
def update_view(request):
return "updated_view"
I was hoping that with DENY_ALL the service would never return the "updated_view" response, however that was all I got when doing the put request. Is there any setup or anything that I'm missing?