Silva Issue Tracker Archive: Issue908

 This tracker has been migrated to Launchpad. Please post new messages at:
Title restrict public view and allow to request roles does not work
Priority wish Status unread
Superseder (list) Nosy List clemens, flynt (list)
Assigned To Topics Silva-0.9.3, membership (list)

Created on 2004-04-06.21:32:48 by clemens, last changed 2004-04-27.09:01:49 by flynt.

msg5523 (view) Author: clemens Date: 2004-04-06.21:32:48
If one restricts the public access of some folder to "Viewer", and
allows role requests via service_memebership, the error page
shown in case of unauthorized access errors.
(I am assuming default layout here).

The reason is an access to "request/model/absolute_url". However
this request/model has not been set up when rendering the error

Steps to reproduce:

 - create a new root
 - create a sub folder in the root.
 - restruct access to the sub folder to Viewer
 - in another browser (or after logging out), try to  view the sub folder;
    when the http-auth popup pops , click cancel

You should get a fallback error message telling You about an error while
rendering the error page.

 Simply using "here" instead of "here/REQUEST/model" seems to fix this one.
Is there any reason why the "here/REQUEST/model" is there at all?

Maybe one can suppress the link "Request a role which allows access to this
location" in case the current user has no roles at all, because 
people will blidly click on the link and run into an endless authorization
failure loop ... well, I have been boiled enough to do it this evening ;-)

Using CoockieCrumbler for authorization instead of plaing http auth
most probably avoid the issue at all.

Accessing the error page in case the public view of the
Root object itself is restricted tio Viewer bugs too, beciaee
the "globals" folder and hence the css stuff is not accessible.
Well, I guess this is of lesser importance.
Date User Action Args
2004-04-27 09:01:49flyntsetnosy: + flynt
2004-04-06 21:32:49clemenscreate