On Tue, Jun 24, 2008 at 01:39:28PM +0200, Christian Theune wrote: > I have a problem with the standard item traverser provided by > zope.app.container: > > The item traverser looks up a object using the given name and a __getitem__ > call on the context. If this raises a KeyError it tries to look up a view > given the same name. > > If the user does not have the permission to access __getitem__ it will let the > Unauthorized exception pass through. > > I my situation I have two views for which the user doesn't really need the > permission to access __getitem__ on the container but they can't access the > views because the __getitem__ call will be tried anyway. > > I can explicitly make the URL use '@@viewname' and bypass the item traverser, > but I don't like the @@s in the URL. I wonder whether adding Unauthorized to > the KeyError would be reasonable.
I think not. At least it should not convert Unauthorized into NotFound. If I can access a location (say, http://localhost/container/item) when I'm logged in, then if I try that as an anonymous user, I should get an authentication dialog rather than a 404 Not Found page. Marius Gedminas -- If nothing else helps, read the documentation.
Description: Digital signature
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )