markus.kemmerling at meduniwien
Jul 4, 2008, 12:37 AM
Post #4 of 4
(247 views)
Permalink
|
|
Re: Itemtraverser and Unauthorized vs Views
[In reply to]
|
|
Am 04.07.2008 um 07:37 schrieb Christian Theune:
> On Fri, 2008-07-04 at 02:10 +0300, Marius Gedminas wrote:
>> On Tue, Jun 24, 2008 at 01:39:28PM +0200, Christian Theune wrote:
>>> [...]
>>> I can explicitly make the URL use '@@viewname' and bypass the
>>> item traverser,
>>> but I don't like the @@s in the URL. I wonder whether adding
>>> Unauthorized to
>>> the KeyError would be reasonable.
>>
>> I think not. At least it should not convert Unauthorized into
>> NotFound.
>>
>> If I can access a location (say, http://localhost/container/item)
>> when
>> I'm logged in, then if I try that as an anonymous user, I should
>> get an
>> authentication dialog rather than a 404 Not Found page.
>
> Actually, in my case its, when logged in I can use:
>
> http://localhost/container/view
>
> When not logged in, I get an Unauthorized, although when accessing
>
> http://localhost/container/@@view
>
> I can go ahead as anonymous.
>
> IMHO the code merging the namespaces should be more careful about
> that.
IMHO the ItemTraverser should not lookup the view by itself, but
delegate to the 'view' traverser, somethind like:
def publishTraverse(self, request, name):
"""See zope.publisher.interfaces.IPublishTraverse"""
try:
return self.context[name]
except KeyError:
try:
return namespaceLookup('view', name, self.context,
request)
except TraversalError:
pass
raise NotFound(self.context, name, request)
Regards
Markus Kemmerling
_______________________________________________
Zope-Dev maillist - Zope-Dev[at]zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
|
signature.asc
