[Zope-dev] Itemtraverser and Unauthorized vs Views

Christian Theune ct at gocept.com
Fri Jul 4 01:37:48 EDT 2008


On Fri, 2008-07-04 at 02:10 +0300, Marius Gedminas wrote:
> On Tue, Jun 24, 2008 at 01:39:28PM +0200, Christian Theune wrote:
> > [...]
> > I can explicitly make the URL use '@@viewname' and bypass the item traverser,
> > but I don't like the @@s in the URL. I wonder whether adding Unauthorized to
> > the KeyError would be reasonable.
> 
> I think not.  At least it should not convert Unauthorized into NotFound.
> 
> If I can access a location (say, http://localhost/container/item) when
> I'm logged in, then if I try that as an anonymous user, I should get an
> authentication dialog rather than a 404 Not Found page.

Actually, in my case its, when logged in I can use:

http://localhost/container/view

When not logged in, I get an Unauthorized, although when accessing

http://localhost/container/@@view 

I can go ahead as anonymous.

IMHO the code merging the namespaces should be more careful about that.

Christian

-- 
Christian Theune · ct at gocept.com
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 7 · fax +49 345 1229889 1
Zope and Plone consulting and development

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.zope.org/pipermail/zope-dev/attachments/20080704/cef09b08/attachment-0001.bin


More information about the Zope-Dev mailing list