Changes between Version 37 and Version 38 of S3/S3AAA
- Timestamp: 01/18/11 00:58:57 (13 years ago)
S3/S3AAA
v37 v38 185 185 === Handling Insufficient Permissions === 186 186 187 In case the user has insufficient permissions to access a table/record with the requested method, a well-defined response action must take place :188 189 - in ''' interactive''' formats:187 In case the user has insufficient permissions to access a table/record with the requested method, a well-defined response action must take place depending on the request format: 188 189 - in '''HTML''' format: 190 190 - already authenticated users should be informed about the insufficient permissions, and redirected to a (unrestricted) landing page 191 191 - unauthenticated users should be requested to login, and forwarded to a login page 192 - in ''' non-interactive''' formats:192 - in '''all other''' formats: 193 193 - authenticated clients must receive a HTTP 403 (Forbidden) error code to cancel the request properly 194 194 - unauthenticated clients must receive a HTTP 401 (Authorization Required) error in order to trigger an authentication attempt 195 - the client must not be redirected in either of the cases (important!) 195 196 196 197 All this is covered by the {{{auth.permission.fail()}}} method: … … 202 203 }}} 203 204 204 For interactive modes, you can alter the destinations for redirection by setting:205 You can alter the destinations for redirection by setting: 205 206 206 207 - {{{auth.permission.homepage}}} for redirection when the user is logged-in, but has insufficient privileges (defaults to {{{default/index}}}).
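Review bot: The added line 195 in the first hunk (v38 lines 187-195) marks the no-redirect rule "(important!)" but gives no reason, so a later editor cannot tell what breaks if it is relaxed. Suggest stating the reason on that line, for example that a redirect would replace the 403/401 status which the two bullets above it require the client to receive. The same hunk also narrows the redirecting case from '''interactive''' formats to '''HTML''' only; it would help to say explicitly in the '''all other''' bullet that every non-HTML format now gets the status-code behaviour, including any that were previously handled as interactive.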
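Review bot: In the second hunk (v38 line 205), dropping "For interactive modes," leaves "You can alter the destinations for redirection by setting:" without a scope, which now reads as if {{{auth.permission.homepage}}} also applies to non-HTML requests. That contradicts line 195 of the first hunk, "the client must not be redirected in either of the cases". Suggest keeping a qualifier that matches the new wording, for example "For HTML format, you can alter the destinations for redirection by setting:".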