On Tue, Jun 24, 2008 at 01:39:28PM +0200, Christian Theune wrote:
> I have a problem with the standard item traverser provided by
> zope.app.container:
> 
> The item traverser looks up a object using the given name and a __getitem__
> call on the context. If this raises a KeyError it tries to look up a view
> given the same name.
> 
> If the user does not have the permission to access __getitem__ it will let the
> Unauthorized exception pass through.
> 
> I my situation I have two views for which the user doesn't really need the
> permission to access __getitem__ on the container but they can't access the
> views because the __getitem__ call will be tried anyway.
> 
> I can explicitly make the URL use '@@viewname' and bypass the item traverser,
> but I don't like the @@s in the URL. I wonder whether adding Unauthorized to
> the KeyError would be reasonable.

I think not.  At least it should not convert Unauthorized into NotFound.

If I can access a location (say, http://localhost/container/item) when
I'm logged in, then if I try that as an anonymous user, I should get an
authentication dialog rather than a 404 Not Found page.

Marius Gedminas
-- 
If nothing else helps, read the documentation.

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to