Changes between Version 37 and Version 38 of S3/S3AAA


Timestamp:
01/18/11 00:58:57 (13 years ago)
Author:
Dominic König
Comment:

--

  • S3/S3AAA

    v37 v38  
    185185=== Handling Insufficient Permissions ===
    186186
    187 In case the user has insufficient permissions to access a table/record with the requested method, a well-defined response action must take place:
    188 
    189   - in '''interactive''' formats:
     187In case the user has insufficient permissions to access a table/record with the requested method, a well-defined response action must take place depending on the request format:
     188
     189  - in '''HTML''' format:
    190190    - already authenticated users should be informed about the insufficient permissions, and redirected to a (unrestricted) landing page
    191191    - unauthenticated users should be requested to login, and forwarded to a login page
    192   - in '''non-interactive''' formats:
     192  - in '''all other''' formats:
    193193    - authenticated clients must receive a HTTP 403 (Forbidden) error code to cancel the request properly
    194194    - unauthenticated clients must receive a HTTP 401 (Authorization Required) error in order to trigger an authentication attempt
     195    - the client must not be redirected in either of the cases (important!)
    195196
    196197All this is covered by the {{{auth.permission.fail()}}} method:
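Review bot: The added bullet at new line 195 ("the client must not be redirected in either of the cases (important!)") gives the rule without its reason. The two bullets above it require a 403 so the request is cancelled and a 401 so an authentication attempt is triggered; say explicitly that a redirect would replace those status codes and the non-HTML client would never see them, and let that explanation stand in for "(important!)". The rename to "in '''all other''' formats" at new line 192 also widens the rule to every non-HTML format, so it is worth stating that there are no exceptions, or listing them if there are. Minor: the standard reason phrase for 401 is "Unauthorized", and "a HTTP" should read "an HTTP" in the touched block.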
     
    202203}}}
    203204
    204 For interactive modes, you can alter the destinations for redirection by setting:
     205You can alter the destinations for redirection by setting:
    205206
    206207  - {{{auth.permission.homepage}}} for redirection when the user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}).
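Review bot: Dropping the qualifier at new line 205 ("You can alter the destinations for redirection by setting:") makes the sentence read as if the redirect settings apply to every request format, which contradicts the rule added earlier in this change that non-HTML clients must not be redirected. Keep a scope on the sentence using the new terminology, for example "For HTML format, you can alter the destinations for redirection by setting:", so that {{{auth.permission.homepage}}} is not taken to affect the 401/403 responses.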