pycs-devel archive weblog

A blog for archiving the pycs-devel mailing list

2003-5-21

Georg Bauer: [PyCS-devel] changes to access restrictions

Hi!

I just made a small change to the PyCS with regard to handling of multiple
matching locations in access restrictions. Before this change, if any location
matched your URL and was satisfied for the logged-in user, the user was
permitted to access the page. Now all locations that match a URL need to be
satisfied. The reason:

- set up a restriction for the complete blog as /
- set up special admin restrictions for /backup/

Before, this would allow all users that can access / to access /backup/, too.
This is not what would be intended. You would have to set up single locations
for every subfolder of your blog and for the main index.html to achieve what was
expected.

With the current CVS, if you access /backup/ your user needs to be in groups so
that it is allowed for both paths. To get this, set up as follows:

/ with groups users and all users in that group
/backup/ with groups admins with only the admins in that group

or

/ with groups users and admins. Users are normal users, admins are admins.
/backup/ with only group admins.

I'll change the "official" documentation of this, too.

bye, Georg
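
The difference between the two rules, as an added example that is not part of the original message and is not PyCS code: it evaluates both suggested setups, plus a misconfigured one, under the old "any match" rule and the new "all matches" rule. Every function name, the prefix-matching rule, the treatment of unmatched URLs as unrestricted, and the users alice and bob are assumptions made for the illustration.

```python
# Added illustration, not PyCS source; every name here is hypothetical.

def matching(restrictions, url):
    """Locations whose path is a prefix of the URL (assumed matching rule)."""
    return [loc for loc in restrictions if url.startswith(loc)]

def satisfied(restrictions, members, loc, user):
    """True if the user belongs to at least one group listed for loc."""
    return any(user in members.get(g, set()) for g in restrictions[loc])

def allowed_before(restrictions, members, user, url):
    """Old rule: any one matching, satisfied location grants access."""
    locs = matching(restrictions, url)
    # Assumption: a URL with no matching location is unrestricted.
    return not locs or any(satisfied(restrictions, members, l, user) for l in locs)

def allowed_now(restrictions, members, user, url):
    """New rule: every matching location must be satisfied."""
    return all(satisfied(restrictions, members, l, user)
               for l in matching(restrictions, url))

# Constructed sample data for the two setups in the message.
SETUP_1 = ({"/": ["users"], "/backup/": ["admins"]},
           {"users": {"alice", "bob"}, "admins": {"alice"}})
SETUP_2 = ({"/": ["users", "admins"], "/backup/": ["admins"]},
           {"users": {"bob"}, "admins": {"alice"}})
# Pitfall under the new rule: alice is an admin but "/" does not admit her.
BROKEN = ({"/": ["users"], "/backup/": ["admins"]},
          {"users": {"bob"}, "admins": {"alice"}})

def report(url="/backup/dump.zip"):
    """(setup, user, allowed under old rule, allowed under new rule) rows."""
    rows = []
    for name, (r, m) in (("setup 1", SETUP_1), ("setup 2", SETUP_2),
                         ("broken", BROKEN)):
        for user in ("alice", "bob"):
            rows.append((name, user, allowed_before(r, m, user, url),
                         allowed_now(r, m, user, url)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("%-8s %-6s before=%-5s now=%s" % row)
```

In the "broken" rows the admin is locked out of /backup/ under the new rule because / lists only the users group, which is why both suggested setups make sure admins also satisfy /.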