On Dec 7, 2006, at 12:44 PM, Joachim Schmitz wrote:
Georges Racinet schrieb:
On Dec 7, 2006, at 12:05 PM, Joachim Schmitz wrote:
hi,
in cpsskins_cps3/main_template.pt there is at the top:
can_raise python:mtool.assertViewable(here);
this raises the Unauthorized-exeception, if the user accesses an
object which he is not allowed to see. what is intended here I
assume,
cause the enduser gets the Authentication box.
What is the best way to catch this situation, and provide the user
with not information at all.
The purpose is to make the redirection to login_form work for
anonymous
users.
The exception would have been raised later anyway, but would be
catched
by CPSSkins crash shield, and one'd get the blinking !! instead of
being
redirected.
Apart from that, you have to design your application so that an
anthenticated user never gets a link he can't follow. Such a
situation
qualifies as a bug of the content display layers. This is true for
all
actions, for example. For catalog-based contents listing, there's a
dedicated index.
In our student_portal the urls to the students private spaces look
like
...students/123/something for student 123.
if the student 123 accesses student/456/something by typing that in
the
url he get's the authentication-error, cause we catch this
missbehavior
within the main_template. The authentication box is no problem. But I
even don't want to show him the Site Error, which shows up after he
aborts the authentication. Where is that customizable ?
Well I guess then you'd have to replace this assertViewable by a call to
portal_membership.checkPermission, and then skip the remainings of
page rendering and redirect if the result doesn't evaluate to True.
_______________________________________________
cps-devel mailing list
http://lists.nuxeo.com/mailman/listinfo/cps-devel
---------
Georges Racinet, Nuxeo SAS
Open Source Enterprise Content Management (ECM)
Web: http://www.nuxeo.com/ and http://www.nuxeo.org/ - Tel: +33 1 40
33 79 87
_______________________________________________
cps-devel mailing list
http://lists.nuxeo.com/mailman/listinfo/cps-devel
