Paul Carduner wrote:
I am having trouble debugging viewlets that redirect to Unauthorized
pages.  Here is the synopsis.  We have a "dashboard" page with a bunch
of viewlets displaying information about all different parts of the
system.  When one viewlet tries to access forbidden attributes, the
whole page gets redirected to the "Unauthorized" view.  I would rather
see a little message in place of the questionable viewlet saying "this
viewlet is trying to access forbidden data."

Ideally, the viewlet manager would "wrap" each viewlet in some foolproof
environment such that if anything went wrong with the viewlet -
security or otherwise - then the viewlet manager would handle each
problem appropriately.

Can anyone recommend an approach to doing this or explain why it is a
bad idea altogether?

In theory: the viewlet manager should catch an exception generated by a viewlet and attempt to adapt the exception to a viewlet, which the manager should render instead of the original viewlet. If there is no such adapter, or the exception viewlet fails, the viewlet manager should either provide some default or propagate the exception to the whole page.

Alternatively, any hints on debugging security?  I wish there was an
easy way to see exactly which attribute of which object denied access.

I'm sure that will come in time.

Shane
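
The design Shane outlines above, sketched as an added example (not from the thread and not Zope's own code): a plain dict stands in for adapter lookup, `Unauthorized` stands in for zope.security.interfaces.Unauthorized, and `SafeViewletManager`, `UnauthorizedViewlet` and `Denied` are hypothetical names. Of the two fallbacks he mentions, this sketch propagates when no error viewlet is registered and renders a default placeholder when the error viewlet itself fails.

```python
import logging

log = logging.getLogger("dashboard.viewlets")  # hypothetical logger name

class Unauthorized(Exception):
    """Stand-in for zope.security.interfaces.Unauthorized."""

class UnauthorizedViewlet:
    """Error viewlet: generic text only, no object or attribute names."""
    def __init__(self, exc, failed):
        self.exc, self.failed = exc, failed
    def render(self):
        return "<div>This viewlet is trying to access forbidden data.</div>"

# Stand-in for adapter lookup: exception class -> error viewlet factory.
ERROR_VIEWLETS = {Unauthorized: UnauthorizedViewlet}
DEFAULT = "<div>This viewlet is unavailable.</div>"

class SafeViewletManager:
    def __init__(self, viewlets):
        self.viewlets = viewlets  # list of (name, viewlet) pairs

    def _error_viewlet(self, exc, failed):
        # Walk the MRO so subclasses of a registered exception also match.
        for cls in type(exc).__mro__:
            if cls in ERROR_VIEWLETS:
                return ERROR_VIEWLETS[cls](exc, failed)
        return None

    def render(self):
        parts = []
        for name, viewlet in self.viewlets:
            try:
                parts.append(viewlet.render())
            except Exception as exc:
                # Which viewlet failed and why goes to the server log only.
                log.warning("viewlet %r failed: %r", name, exc)
                replacement = self._error_viewlet(exc, viewlet)
                if replacement is None:
                    raise  # no adapter registered: propagate to the page
                try:
                    parts.append(replacement.render())
                except Exception:
                    log.exception("error viewlet for %r failed", name)
                    parts.append(DEFAULT)
        return "\n".join(parts)

class Denied:  # constructed sample viewlet that hits a forbidden attribute
    def render(self):
        raise Unauthorized("salary")
```

The placeholder shown to the user carries no detail about the denied object, while the log line records which viewlet failed and the exception it raised.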

_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org