[Zope-dev] Itemtraverser and Unauthorized vs Views
Markus Kemmerling
markus.kemmerling at meduniwien.ac.at
Fri Jul 4 03:37:15 EDT 2008
On 04.07.2008 at 07:37, Christian Theune wrote:
> On Fri, 2008-07-04 at 02:10 +0300, Marius Gedminas wrote:
>> On Tue, Jun 24, 2008 at 01:39:28PM +0200, Christian Theune wrote:
>>> [...]
>>> I can explicitly make the URL use '@@viewname' and bypass the item
>>> traverser, but I don't like the @@s in the URL. I wonder whether
>>> adding Unauthorized to the KeyError would be reasonable.
>>
>> I think not. At least it should not convert Unauthorized into NotFound.
>>
>> If I can access a location (say, http://localhost/container/item) when
>> I'm logged in, then if I try that as an anonymous user, I should get an
>> authentication dialog rather than a 404 Not Found page.
>
> Actually, in my case it's, when logged in I can use:
>
> http://localhost/container/view
>
> When not logged in, I get an Unauthorized, although when accessing
>
> http://localhost/container/@@view
>
> I can go ahead as anonymous.
>
> IMHO the code merging the namespaces should be more careful about that.

IMHO the ItemTraverser should not look up the view by itself, but
delegate to the 'view' traverser, something like:
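
    from zope.publisher.interfaces import NotFound
    from zope.traversing.interfaces import TraversalError
    from zope.traversing.namespace import namespaceLookup

    # Method of the item traverser class.
    def publishTraverse(self, request, name):
        """See zope.publisher.interfaces.IPublishTraverse"""
        try:
            # Container items take precedence over views.
            return self.context[name]
        except KeyError:
            try:
                # Delegate to the 'view' namespace handler instead of
                # looking the view up directly.
                return namespaceLookup('view', name, self.context,
                                       request)
            except TraversalError:
                pass
        raise NotFound(self.context, name, request)
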
Regards
Markus Kemmerling
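
Added example, not part of the original message and not Zope code: a self-contained model of the behaviour discussed in this thread, plus one way to fall back to a view on Unauthorized without ever converting Unauthorized into NotFound. `GuardedContainer`, `VIEWS`, `lookup_view` and both `traverse_*` functions are hypothetical stand-ins, and the exception classes only mimic the Zope ones by name.

```python
# Stand-ins for the exceptions named in the thread; nothing here imports Zope.
class Unauthorized(Exception):
    pass

class NotFound(Exception):
    pass

class GuardedContainer:
    """Toy container whose item access requires a logged-in principal."""
    def __init__(self, items, principal):
        self.items, self.principal = items, principal

    def __getitem__(self, name):
        if self.principal is None:      # anonymous: the access check fails first
            raise Unauthorized(name)
        return self.items[name]         # raises KeyError for unknown names

VIEWS = {"view": "public view"}         # constructed: one view open to anonymous

def lookup_view(name):
    try:
        return VIEWS[name]
    except KeyError:
        raise NotFound(name)

def traverse_keyerror_only(container, name):
    """Only KeyError falls back to a view, as in the reported behaviour."""
    if name.startswith("@@"):           # explicit view: container is bypassed
        return lookup_view(name[2:])
    try:
        return container[name]
    except KeyError:
        return lookup_view(name)

def traverse_preserving_unauthorized(container, name):
    """Also try the view on Unauthorized, but keep Unauthorized if none exists."""
    if name.startswith("@@"):
        return lookup_view(name[2:])
    try:
        return container[name]
    except KeyError:
        return lookup_view(name)
    except Unauthorized as denied:
        try:
            return lookup_view(name)
        except NotFound:
            raise denied                # authentication challenge, not a 404
```

In this model an anonymous request for an existing item still ends in Unauthorized, while `/container/view` resolves the same way as `/container/@@view`. One consequence to weigh: if an item and a view share a name, a logged-in user gets the item and an anonymous user gets the view.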