sorry ... this is subtle to spot, but authentication and
authorization are different things and they are managed differently
depending on whether you are allowing basic login or not ... I made an
incorrect assumption when making my tests and replying before ...

If you try with the decorator @auth.requires_membership('aaa') it
should work, but if you are protecting the page with
@auth.requires_login() the default behaviour is to redirect the user
to the login page.
I think that you may want to use
auth.settings.on_failed_authentication instead of
auth.settings.on_failed_authorization

This is because on_failed_authorization is called only when:
- you are allowing only basic login (if the user specified a username
and a password and he's not allowed to see a resource, then he's not
authorized)
- he's already logged in and he's not allowed to see a resource
(permission, group, etc. not matching)

In all the other cases the real thing happening is that the user is
not authenticated (not yet logged in or anonymous), thus the function
on_failed_authorization is not called.

To sum up briefly, on_failed_authentication gets called before
on_failed_authorization in your case.



On Jan 30, 10:57 pm, Miguel Lopes <[email protected]> wrote:
> On Sun, Jan 30, 2011 at 9:16 PM, Niphlod <[email protected]> wrote:
> > try with auth.settings.on_failed_authorization =
> > failedAuthHandlerandler()
>
> >  it works for me ^_^
>
> Not for me! And I can't see how.
> Miguel
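
Added example, not part of the thread and not web2py's own code: a simplified Python model of the handler selection the reply describes, showing which of the two `auth.settings` callbacks fires for an anonymous user, a basic-login-only setup, and a logged-in user outside group 'aaa'. `ModelAuth`, `Settings`, `demo()` and the returned strings are hypothetical names and constructed values.

```python
# Simplified model of the flow described in the message; NOT web2py's gluon/tools.py.
# ModelAuth, Settings and demo() are hypothetical; returned strings are constructed.

class Settings:
    def __init__(self):
        self.allow_basic_login_only = False
        self.on_failed_authentication = lambda: "on_failed_authentication"
        self.on_failed_authorization = lambda: "on_failed_authorization"


class ModelAuth:
    def __init__(self, user=None):
        self.settings = Settings()
        self.user = user  # None = anonymous, else {"groups": {...}}

    def _guard(self, condition):
        def decorator(action):
            def wrapper(*args, **kwargs):
                if self.user is None:
                    # Basic-login-only: rejected credentials count as "not authorized".
                    if self.settings.allow_basic_login_only:
                        return self.settings.on_failed_authorization()
                    # Anonymous or not yet logged in: an authentication failure.
                    return self.settings.on_failed_authentication()
                if not condition():
                    # Logged in, but permission or group does not match.
                    return self.settings.on_failed_authorization()
                return action(*args, **kwargs)
            return wrapper
        return decorator

    def requires_login(self):
        return self._guard(lambda: True)

    def requires_membership(self, group):
        return self._guard(lambda: group in self.user["groups"])


def demo():
    """Run the same protected page under four constructed scenarios."""
    scenarios = [("anonymous", None, False),
                 ("anonymous_basic_only", None, True),
                 ("logged_in_wrong_group", {"groups": {"bbb"}}, False),
                 ("logged_in_member", {"groups": {"aaa"}}, False)]
    results = {}
    for label, user, basic_only in scenarios:
        auth = ModelAuth(user)
        auth.settings.allow_basic_login_only = basic_only
        page = auth.requires_membership("aaa")(lambda: "page served")
        results[label] = page()
    return results
```
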
