Georges Racinet schrieb: > > On Dec 7, 2006, at 12:05 PM, Joachim Schmitz wrote: > >> hi, >> >> in cpsskins_cps3/main_template.pt there is at the top: >> >> can_raise python:mtool.assertViewable(here); >> >> this raises the Unauthorized-exeception, if the user accesses an >> object which he is not allowed to see. what is intended here I assume, >> cause the enduser gets the Authentication box. >> >> What is the best way to catch this situation, and provide the user >> with not information at all. > > The purpose is to make the redirection to login_form work for anonymous > users. > The exception would have been raised later anyway, but would be catched > by CPSSkins crash shield, and one'd get the blinking !! instead of being > redirected. > > Apart from that, you have to design your application so that an > anthenticated user never gets a link he can't follow. Such a situation > qualifies as a bug of the content display layers. This is true for all > actions, for example. For catalog-based contents listing, there's a > dedicated index. > In our student_portal the urls to the students private spaces look like
...students/123/something for student 123. if the student 123 accesses student/456/something by typing that in the url he get's the authentication-error, cause we catch this missbehavior within the main_template. The authentication box is no problem. But I even don't want to show him the Site Error, which shows up after he aborts the authentication. Where is that customizable ? > _______________________________________________ cps-devel mailing list http://lists.nuxeo.com/mailman/listinfo/cps-devel
