Am 04.07.2008 um 07:37 schrieb Christian Theune:

On Fri, 2008-07-04 at 02:10 +0300, Marius Gedminas wrote:
On Tue, Jun 24, 2008 at 01:39:28PM +0200, Christian Theune wrote:
[...]
I can explicitly make the URL use '@@viewname' and bypass the item traverser, but I don't like the @@s in the URL. I wonder whether adding Unauthorized to
the KeyError would be reasonable.

I think not. At least it should not convert Unauthorized into NotFound.

If I can access a location (say, http://localhost/container/item) when I'm logged in, then if I try that as an anonymous user, I should get an
authentication dialog rather than a 404 Not Found page.

Actually, in my case its, when logged in I can use:

http://localhost/container/view

When not logged in, I get an Unauthorized, although when accessing

http://localhost/container/@@view

I can go ahead as anonymous.

IMHO the code merging the namespaces should be more careful about that.

IMHO the ItemTraverser should not lookup the view by itself, but delegate to the 'view' traverser, somethind like:

    def publishTraverse(self, request, name):
        """See zope.publisher.interfaces.IPublishTraverse"""
        try:
            return self.context[name]
        except KeyError:
            try:
return namespaceLookup('view', name, self.context, request)
            except TraversalError:
                pass

        raise NotFound(self.context, name, request)

Regards
Markus Kemmerling

_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to