Changes between Version 31 and Version 32 of S3/S3AAA


Timestamp:
01/18/11 00:38:17 (14 years ago)
Author:
Dominic König
Comment:

--

  • S3/S3AAA

    v31 v32  
    151151In case of failure, a well-defined response action must take place:
    152152
    153   - in interactive formats:
    154     - the user should be informed that he has insufficient permissions (if already logged-in)
    155     - the user should be requested to login (+forwarded to the login page)
    156   - in non-interactive formats
    157     - the client must receive a HTTP 401 (Authorization Required) error if not logged-in in order to trigger an authentication attempt
    158     - the client must receive a HTTP 403 (Forbidden) error code to cancel its attempt properly
     153  - in '''interactive''' formats:
     154    - already authenticated users should be informed about the insufficient permissions, and redirected to a (unrestricted) landing page
     155    - unauthenticated users should be requested to login, and thus forwarded to a login page
     156  - in '''non-interactive''' formats:
     157    - authenticated clients must receive a HTTP 403 (Forbidden) error code to cancel the request properly
     158    - unauthenticated clients must receive a HTTP 401 (Authorization Required) error in order to trigger an authentication attempt
    159159
    160160All this is covered by the {{{auth.permission.fail()}}} method:
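Review bot: On new lines 157-158, the 401 case should also say that the response carries a WWW-Authenticate header, because that challenge is what lets a client start an authentication attempt; a bare 401 status does not. The standard reason phrase for 401 is "Unauthorized" ("Authorization Required" is the Apache wording), and "a HTTP" should read "an HTTP" on both lines.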
     
    166166}}}
    167167
    168 For interactive modes, you can set the destinations for redirection before calling {{{auth.permission.fail()}}}:
     168For interactive modes, you can alter the destinations for redirection by setting:
    169169
    170   - {{{auth.permission.homepage = URL(...)}}} for the case where the user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}).
    171   - {{{auth.permission.loginpage = URL(...)}}} for the case where the user is not logged-in (defaults to {{{default/user/login}}}).
     170  - {{{auth.permission.homepage}}} for redirection when the user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}).
     171  - {{{auth.permission.loginpage}}} for redirection when the user is not logged-in (defaults to {{{default/user/login}}}).
    172172
    173173Example: redirect to {{{my/index}}} rather than to {{{default/index}}} in case of insufficient privileges of an authenticated user:
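Review bot: New line 168 drops the "before calling auth.permission.fail()" condition that old line 168 stated, so the page no longer says when the destinations have to be set. The redirection is part of the failure response that fail() covers, so keep the ordering, for example "by setting, before calling auth.permission.fail():". New lines 170-171 also lose the "= URL(...)" form, which leaves the expected value type to the example that follows.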