[Zope-dev] Unauthorized handling in Zope2
yuppie
y.2010 at wcm-solutions.de
Tue Apr 20 10:01:30 EDT 2010
Hi!
Wichert Akkerman wrote:
> On 4/20/10 15:17 , yuppie wrote:
>> Wichert Akkerman wrote:
>>> I added an extra change (see diff below) to fix that, after which things
>>> seemed to work.
>>
>> Great!
>
> Can you commit that change along with your other changes?
Yes. I'll write some more tests and commit it in time for the 2.12.5
release. Thanks for catching this issue early enough!
>> Re-raising the exceptions makes sure the post-processing in
>> HTTPResponse.exception is called. That is also expected by
>> CookieCrumbler and PAS.
>
> The authentication dance between the publisher, request, PAS and
> CookieCrumbler really is a bit contrived :(
Another advantage of the re-raising pattern is the fact that you can
easily change the response type by raising a different exception inside
the view. I plan to use that for replacing the nasty unauth redirect
code in CookieCrumbler. The exception view will raise Redirect or
Forbidden if you are already logged in.
>> A better fix would be to store the rendered exception value in the
>> response object instead of the exception object. That way we could
>> re-raise *all* exceptions as it was done in older Zope versions.
>>
>> But this would have been a bigger refactoring with more risks to break
>> something else.
>
> Perhaps something for 2.13 :)
Yes. Perhaps ;)
Cheers,
Yuppie
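
The re-raising pattern discussed in this message, as an added sketch that is not part of the original post and is not Zope's code: all class and function names, the login URL and the realm are hypothetical. It assumes anonymous users get Redirect and logged-in users get Forbidden.

```python
# Toy model of the re-raising pattern; names are hypothetical and only
# loosely mirror Zope's publisher and HTTPResponse.exception.

class Unauthorized(Exception): pass
class Forbidden(Exception): pass
class Redirect(Exception): pass

class Response:
    """Stand-in response object; exception() is the post-processing hook."""
    STATUS = {Unauthorized: 401, Forbidden: 403, Redirect: 302}

    def __init__(self):
        self.status, self.headers, self.body = 200, {}, ""

    def exception(self, exc):
        # Runs only for exceptions that actually reach the publisher.
        self.status = self.STATUS.get(type(exc), 500)
        if isinstance(exc, Redirect):
            self.headers["Location"] = str(exc)
        elif isinstance(exc, Unauthorized):
            self.headers["WWW-Authenticate"] = 'basic realm="Zope"'  # constructed
        self.body = type(exc).__name__
        return self

def unauthorized_view(exc, user):
    """Exception view: selects the response type by raising another exception."""
    if user is None:
        raise Redirect("/login_form?came_from=/private")  # assumed login URL
    raise Forbidden("%s may not access this resource" % user)

def publish(resource, user, exception_views):
    response = Response()
    try:
        try:
            response.body = resource(user)
        except Exception as exc:
            view = exception_views.get(type(exc))
            if view is None:
                raise
            view(exc, user)  # may raise a replacement exception
            raise            # otherwise re-raise the original
    except Exception as exc:
        return response.exception(exc)  # post-processing always runs
    return response

def private_page(user):
    if user != "manager":
        raise Unauthorized("manager role required")
    return "secret"
```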