close
Warning:
BrowserModule failed with OperationalError: database is locked
- Timestamp:
-
01/18/11 00:38:17 (12 years ago)
- Author:
-
Dominic König
- Comment:
-
--
Legend:
- Unmodified
- Added
- Removed
- Modified
-
|
v31
|
v32
|
|
| 151 | 151 | In case of failure, a well-defined response action must take place: |
| 152 | 152 | |
| 153 | | - in interactive formats: |
| 154 | | - the user should be informed that he has insufficient permissions (if already logged-in) |
| 155 | | - the user should be requested to login (+forwarded to the login page) |
| 156 | | - in non-interactive formats |
| 157 | | - the client must receive a HTTP 401 (Authorization Required) error if not logged-in in order to trigger an authentication attempt |
| 158 | | - the client must receive a HTTP 403 (Forbidden) error code to cancel its attempt properly |
| | 153 | - in '''interactive''' formats: |
| | 154 | - already authenticated users should be informed about the insufficient permissions, and redirected to a (unrestricted) landing page |
| | 155 | - unauthenticated users should be requested to login, and thus forwarded to a login page |
| | 156 | - in '''non-interactive''' formats: |
| | 157 | - authenticated clients must receive a HTTP 403 (Forbidden) error code to cancel the request properly |
| | 158 | - unauthenticated clients must receive a HTTP 401 (Authorization Required) error in order to trigger an authentication attempt |
| 159 | 159 | |
| 160 | 160 | All this is covered by the {{{auth.permission.fail()}}} method: |
| … |
… |
|
| 166 | 166 | }}} |
| 167 | 167 | |
| 168 | | For interactive modes, you can set the destinations for redirection before calling {{{auth.permission.fail()}}}: |
| | 168 | For interactive modes, you can alter the destinations for redirection by setting: |
| 169 | 169 | |
| 170 | | - {{{auth.permission.homepage = URL(...)}}} for the case where the user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}). |
| 171 | | - {{{auth.permission.loginpage = URL(...)}}} for the case where the user is not logged-in (defaults to {{{default/user/login}}}). |
| | 170 | - {{{auth.permission.homepage}}} for redirection when the user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}). |
| | 171 | - {{{auth.permission.loginpage}}} for redirection when the user is not logged-in (defaults to {{{default/user/login}}}). |
| 172 | 172 | |
| 173 | 173 | Example: redirect to {{{my/index}}} rather than to {{{default/index}}} in case of insufficient privileges of an authenticated user: |
