[CPS-devel] assertViewable in main_template

[Joachim Schmitz]

Georges Racinet schrieb:
> 
> On Dec 7, 2006, at 12:05 PM, Joachim Schmitz wrote:
> 
>> hi,
>>
>> in cpsskins_cps3/main_template.pt there is at the top:
>>
>> can_raise python:mtool.assertViewable(here);
>>
>> this raises the Unauthorized-exeception, if the user accesses an
>> object which he is not allowed to see. what is intended here I assume,
>> cause the enduser gets the Authentication box.
>>
>> What is the best way to catch this situation, and provide the user
>> with not information at all.
> 
> The purpose is to make the redirection to login_form work for anonymous
> users.
> The exception would have been raised later anyway, but would be catched
> by CPSSkins crash shield, and one'd get the blinking !! instead of being
> redirected.
> 
> Apart from that, you have to design your application so that an
> anthenticated user never gets a link he can't follow. Such a situation
> qualifies as a bug of the content display layers. This is true for all
> actions, for example. For catalog-based contents listing, there's a
> dedicated index.
> 
In our student_portal the urls to the students private spaces look like

...students/123/something for student 123.

if the student 123 accesses student/456/something by typing that in the
url he get's the authentication-error, cause we catch this missbehavior
within the main_template. The authentication box is no problem. But I
even don't want to show him the Site Error, which shows up after he
aborts the authentication. Where is that customizable ?

>