On Tue, Jun 24, 2008 at 01:39:28PM +0200, Christian Theune wrote:
I have a problem with the standard item traverser provided by zope.app.container:
The item traverser looks up a object using the given name and a __getitem__ call on the context. If this raises a KeyError it tries to look up a view given the same name.
If the user does not have the permission to access __getitem__ it will let the Unauthorized exception pass through.
I my situation I have two views for which the user doesn't really need the permission to access __getitem__ on the container but they can't access the views because the __getitem__ call will be tried anyway.
I can explicitly make the URL use '@@viewname' and bypass the item traverser, but I don't like the @@s in the URL. I wonder whether adding Unauthorized to the KeyError would be reasonable.
I think not. At least it should not convert Unauthorized into NotFound. If I can access a location (say, http://localhost/container/item) when I'm logged in, then if I try that as an anonymous user, I should get an authentication dialog rather than a 404 Not Found page. Marius Gedminas -- If nothing else helps, read the documentation.