Yesterday marked the last of the niggly things I wanted in Tornado Server but have been too low priority to worry about. Turns out they were actually really simple to implement.
First up was the issue where you set the AllowAccess role to a group and have a login page in the application that references css, images etc from the same application. Previously the anonymous user would be denied access to the resources since only authenticated users may access the application's design elements. We added a new role of "ResourceAccess" (and set the permission to "*") which now allows anyone access to the resource design elements. Login screens now look great!
Second was something of a weird feature and is also permission based. It is the opposite of the "*" permission so we called it "!*", that is, not anyone. This means any authenticated user. This makes it easy to say "allow anyone access to this app who is logged in". Not completely convinced how useful this will be, but seems like something useful that I could have done with in the past.
Some customers have been asking about ajax features in the last few days (they didn't actually ask for ajax but that is the technology they need to do the job). We'll see where this takes us... Ajax is certainly an interesting technology.
The next Tornado Server release will be available with the beta of the Vortex IDE, probably in about three weeks.