[Zope3-dev] Unauthorized message
Garrett Smith
garrett at mojave-corp.com
Mon Jul 12 12:55:24 EDT 2004
This message has three parts:
1 - The current view to IUnauthorized (i.e. the browser page used to
tell the user he or she cannot do/see something) displays context
information along with the message 'You are not authorized'.
E.g. when a user does not have permission to a view, he or she sees:
"""
Unautorized
-----------
You are not authorized
browserDefault
"""
I don't think we should display the context information as it's
meaningless to non-developers.
If there are no objections, I'll remove the context from the page template.
The context will still appear in error logs.
2 - It might be nice to improve the clarify of the error message to
something like:
You are not authorized to view this page.
3 - Occassionally a page publication will raise this error the user
doesn't have access to a *part* of the page. E.g. the user might not
have permission to view DC metadata for an object displayed by the page.
I think we should set a policy that views handle such cases elegantly
rather than allow the Unauthoirzed exception to pass through.
I'd be interested in comments from those with experience in this area.
-- Garrett
More information about the Zope3-dev
mailing list