The way that I've handle this in previous applications is that when a user does not have access to a resource they are redirected to the login url (which is passed a location that they will want to return to) and then after a successful login they are sent to the original resource URI.
If, after a successful login, they have insufficient permission to access that resource they are told so. I'm curious why the "intercept with login page until any user with sufficient permission is logged in" presents itself as a superior paradigm. If I logged in successfully but was presented immediately with another login screen, as a user I would think I had my password wrong or something. Travis Bradshaw [EMAIL PROTECTED] --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "TurboGears" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/turbogears -~----------~----~----~----~------~----~------~--~---
