From: Anthony Baxter <anthony@interlink.com.au>
I'm trying to puzzle through the access control code - right now, if a login validate method fails, they typically do something like

    raise 'LoginRequired', self.docLogin(self, request)

Should they just, in this case, return back None, and let the machinery deal with it?
After plugging self.docLogin into REQUEST, yes.
Hm, in that case, wouldn't that then just recurse back through the parent folders looking for additional access controls?
Exactly :-) This can allow authentication to succeed at a higher level, while still giving you the nice inner Login page if it fails at all levels. This isn't necessarily desirable in all cases, and you can't even *get* a basic authentication dialog when there's an inner cookie-based acl_users unless you define a method which explicitly throws 'LoginRequired'. It's still an improvement on the current default situation, though.

Cheers,

Evan @ 4-am
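The fall-through discussed in this thread, as an added example that is not part of the original messages and is not Zope's code. It is a simplified model: `UserFolder`, `authenticate`, the request keys and the sample accounts are all hypothetical, and it covers only the walk from the innermost level outward and the precedence of the inner login page.

```python
import hmac

class LoginRequired(Exception):
    """Stands in for the 'LoginRequired' string exception quoted in the thread."""
    def __init__(self, page):
        super().__init__(page)
        self.page = page

class UserFolder:
    """Hypothetical stand-in for one acl_users level; not Zope's class."""
    def __init__(self, name, users, login_page=None, raise_on_failure=False):
        self.name = name
        self.users = users                  # constructed sample data: {user: password}
        self.login_page = login_page        # None models a basic-auth folder
        self.raise_on_failure = raise_on_failure

    def validate(self, request):
        user, password = request.get("credentials", (None, None))
        stored = self.users.get(user)
        if stored is not None and isinstance(password, str) \
                and hmac.compare_digest(stored, password):
            return f"{user}@{self.name}"
        if self.login_page is not None:
            if self.raise_on_failure:
                # Behaviour the thread starts from: fail immediately at this level.
                raise LoginRequired(self.login_page)
            # Behaviour discussed: keep the innermost login page, then fall through.
            request.setdefault("login_page", self.login_page)
        return None

def authenticate(request, folders_inner_to_outer):
    """Walk from the innermost folder outward until one level accepts."""
    for folder in folders_inner_to_outer:
        try:
            user = folder.validate(request)
        except LoginRequired as exc:
            return ("login_page", exc.page)
        if user is not None:
            return ("ok", user)
    if "login_page" in request:
        return ("login_page", request["login_page"])
    return ("basic_auth_challenge", None)

if __name__ == "__main__":
    outer = UserFolder("outer", {"root": "r00t"})
    for raises in (True, False):
        inner = UserFolder("inner", {"alice": "pw"}, "/inner/docLogin", raises)
        print(raises, authenticate({"credentials": ("root", "r00t")}, [inner, outer]))
```

In this model, returning None means an account defined at any enclosing level authenticates against the inner object, so what that account may do there has to be decided by a separate authorization check.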