Changes between Version 30 and Version 31 of S3/S3AAA


Ignore:
Timestamp:
01/18/11 00:33:47 (11 years ago)
Author:
Dominic König
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • S3/S3AAA

    v30 v31  
    147147=== s3_accessible_query ===
    148148
     149=== auth.permission.fail ===
     150
     151In case of failure, a well-defined response action must take place:
     152
     153  - in interactive formats:
     154    - the user should be informed that he has insufficient permissions (if already logged-in)
     155    - the user should be requested to login (+forwarded to the login page)
     156  - in non-interactive formats
     157    - the client must receive a HTTP 401 (Authorization Required) error if not logged-in in order to trigger an authentication attempt
     158    - the client must receive a HTTP 403 (Forbidden) error code to cancel its attempt properly
     159
     160All this is covered by the {{{auth.permission.fail()}}} method:
     161
     162{{{
     163authorised = auth.shn_has_permission("delete", db.my_table)
     164if not authorised:
     165    auth.permission.fail()
     166}}}
     167
     168For interactive modes, you can set the destinations for redirection before calling {{{auth.permission.fail()}}}:
     169
     170  - {{{auth.permission.homepage = URL(...)}}} for the case where the user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}).
     171  - {{{auth.permission.loginpage = URL(...)}}} for the case where the user is not logged-in (defaults to {{{default/user/login}}}).
     172
     173Example: redirect to {{{my/index}}} rather than to {{{default/index}}} in case of insufficient privileges of an authenticated user:
     174
     175{{{
     176authorised = auth.shn_has_permission("delete", db.my_table)
     177if not authorised:
     178    auth.permission.homepage = URL(r=request, c="my", f="index")
     179    auth.permission.fail()
     180}}}
    149181== Data Access Tracking (Audit) ==
    150182