Nuxeo mailing list archives
[CPS-devel] assertViewable in main_template
Georges Racinet
gracinet at nuxeo.com
Thu Dec 7 13:57:36 CET 2006
On Dec 7, 2006, at 12:44 PM, Joachim Schmitz wrote:
> Georges Racinet wrote:
>>
>> On Dec 7, 2006, at 12:05 PM, Joachim Schmitz wrote:
>>
>>> hi,
>>>
>>> in cpsskins_cps3/main_template.pt there is at the top:
>>>
>>> can_raise python:mtool.assertViewable(here);
>>>
>>> this raises the Unauthorized-exception, if the user accesses an
>>> object which he is not allowed to see. what is intended here I
>>> assume, cause the enduser gets the Authentication box.
>>>
>>> What is the best way to catch this situation, and provide the user
>>> with no information at all.
>>
>> The purpose is to make the redirection to login_form work for
>> anonymous users.
>> The exception would have been raised later anyway, but would be
>> caught by CPSSkins crash shield, and one'd get the blinking !!
>> instead of being redirected.
>>
>> Apart from that, you have to design your application so that an
>> authenticated user never gets a link he can't follow. Such a
>> situation qualifies as a bug of the content display layers. This is
>> true for all actions, for example. For catalog-based contents
>> listing, there's a dedicated index.
>>
> In our student_portal the urls to the students' private spaces look
> like
>
> ...students/123/something for student 123.
>
> if the student 123 accesses student/456/something by typing that in
> the url he gets the authentication-error, cause we catch this
> misbehavior within the main_template. The authentication box is no
> problem. But I don't even want to show him the Site Error, which
> shows up after he aborts the authentication. Where is that
> customizable ?
Well I guess then you'd have to replace this assertViewable by a call to
portal_membership.checkPermission, and then skip the remainder of
page rendering and redirect if the result doesn't evaluate to True.
---------
Georges Racinet, Nuxeo SAS
Open Source Enterprise Content Management (ECM)
Web: http://www.nuxeo.com/ and http://www.nuxeo.org/ - Tel: +33 1 40 33 79 87
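
The check-and-redirect approach suggested in the reply above, sketched as an added example that is not part of the original message or of the CPS code base. The stub classes, `guard_view` and the redirect targets are assumptions made so the sketch runs offline; only `checkPermission(permission, object)` and `isAnonymousUser()` mirror the real portal_membership API.

```python
# Added illustration: the Stub* classes and guard_view are hypothetical names
# that model just enough of Zope/CMF to run without a Zope instance.
VIEW = "View"


class StubMembershipTool:
    """Constructed stand-in for portal_membership."""
    def __init__(self, current_user, is_anonymous=False):
        self.current_user = current_user
        self.is_anonymous = is_anonymous

    def isAnonymousUser(self):
        return self.is_anonymous

    def checkPermission(self, permission, obj):
        # Constructed policy: a student space is viewable only by its owner.
        return permission == VIEW and obj["owner"] == self.current_user


class StubResponse:
    """Constructed stand-in for REQUEST.RESPONSE; records the redirect target."""
    def __init__(self):
        self.location = None

    def redirect(self, url):
        self.location = url


def guard_view(mtool, context, response, portal_url):
    """Return True if rendering may continue; otherwise redirect, return False."""
    if mtool.checkPermission(VIEW, context):
        return True
    if mtool.isAnonymousUser():
        # Anonymous visitors are still sent to the login form.
        response.redirect(portal_url + "/login_form")
    else:
        # Authenticated but not allowed: no exception is raised, so there is
        # no authentication box and no Site Error, whatever URL was typed.
        response.redirect(portal_url)
    return False
```

The template would call such a guard first and render the rest of the page only when it returns True.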