On 4 June 2012 14:59, Przemyslaw <[email protected]> wrote:
b) register a custom view handling 404 situation, that would redirect
> to the login page if no user is logged in, or show actual 404 message.
> I'd also need something similar for "forbidden view". This seems like
> mixing layers - I don't want authentication-related stuff in my views.
>
>
c) do both at the same time:
> @view_config(context=HTTPNotFound,
> renderer='templates/error.pt',
> permission=NO_PERMISSION_REQUIRED)
> @view_config(context=HTTPForbidden,
> renderer='templates/error.pt',
> permission=NO_PERMISSION_REQUIRED)
> def error_view(context, request):
> """
> A combo view that changes 'forbidden' error status into 'not found'
> for users that are not authenticated,
> so that they cannot even see that there is something at some url.
> """
>
> if context.status_int==404 and request.logged_in:
> request.response.status_int = 404
> msg = u'Not found: %s' % context.detail
> else:
> request.response.status_int = 403
> msg = u'Access denied'
>
> return {
> # context may be None
> 'main_template': get_renderer('templates/main_template.pt
> ').implementation(),
> 'msg': msg,
> }
>
if you display the same content in both cases, nobody can tell the
difference between a real 404 and a fake one.
--
You received this message because you are subscribed to the Google Groups
"pylons-discuss" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/pylons-discuss?hl=en.
