[Zope-dev] Re: [Zope-Coders] Unauthorized results in 401,
shouldn't it result in 403?
Chris Withers
chris at simplistix.co.uk
Thu Apr 21 07:51:19 EDT 2005
Sidnei da Silva wrote:
> | >| 2. Is the above behaviour pluggable at all?
> | >
> | >Not at all.
> |
> | Should it be? Can it be without impacting on performance?
>
> I don't think so. I would expect there's only one sane way to do it.
I'm not sure I agree, I've read lots of different views on this sort of
thing in these two threads, and I think several of them are valid, while
remaining inconsistent with each other. To me, that means it should be
pluggable...
> The source of the other thread is that falling back to unauthorized
> smells wrong, but I can see at least one case where changing this
> might break existing apps.
Yeah, the one Lennart descibes...
> Basically it monkeypatches RESPONSE.unauthorized() and
> RESPONSE._unauthorized().
Aha, as does PAS I see. Does this mean RESPONSE.unauthorized should be a
responsibility of the user folder?
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list