如果用户没有渲染视图的权限(在configure.zcml上配置)，我如何提高禁止访问权限而不是重定向到login_form? [英] If a user doesn't have permission to render a View (configured on configure.zcml), how do I raise Forbidden instead of redirecting to login_form?

问题描述

我有一个带有某些实用程序的浏览器视图.主要是我使用旧式pt模板(在skins文件夹内)遍历的实用程序视图".我的browser/configure.zcml:

I have a browser view, with some utilities. Is mainly an "utility view" that I traverse using old-style pt templates (that are inside skins folder). My browser/configure.zcml:

  <browser:page
      for="*"
      name="my_view"
      class=".myview.MyView"
      allowed_interface=".myview.IMyView"
      permission="my.permission"
      />

如您所见，它具有自定义权限:这是必需的，因为匿名用户无法呈现此视图，并且该权限确实特定于我的门户网站中的特定情况.

As you can see, it has a custom permission: this is needed because anonymous users can't render this view and this permission is really specific to a certain situation in my portal.

我以为:我将尝试在template.pt中渲染视图:由于我已经在browser/configure.zcml中设置了权限，因此当尝试渲染Plone本身时，它将为我自己处理.所以我在模板中做了

I thought: I'm going to try to render the view in my template.pt: since I've already set a permission in browser/configure.zcml, when trying to render Plone itself is going to handle this for me. So I did in my template

    <span tal:define="my_view here/@@myview">
    </span>

到目前为止，太好了.没有my.permission的用户尝试进入/Plone/template.pt将会失败.但是Plone重定向到登录表单，我更愿意提出一个Forbidden异常.像这样:

So far, so good. A user without my.permission trying to get into /Plone/template.pt will fail. But Plone redirects to the login form, and I would prefer to raise a Forbidden exception instead. Something like:

    <span tal:define="my_view here/@@myview | here/raiseForbidden">
    </span>

...但是，由于视图渲染未引发错误，因此这当然不起作用. (我知道这里/raiseForbidden不存在，通常使用这里/raiseUnauthorized，但概念相同)

...but, of course, this doesn't work since the view rendering didn't throw an error. (I know here/raiseForbidden doesn't exist, it's here/raiseUnauthorized that is usually used but the concept is the same)

我的问题是:有可能做到吗?在某处配置我的权限，或在我的视图中配置某种方法(例如render或__call__)，即当用户无权呈现该权限时，

My question is: is it possible to do it? Configuring my permission somewhere, or configuring some method in my view (like render or __call__), that when a user doesn't have permission to render it, an exception like Forbidden is raised?

推荐答案

克隆会重定向到登录表单，因为您引发了未经授权.如果您想要不同的行为，则需要做一些不同的事情.

Plone redirects to the login form because you raise Unauthorized. If you want different behaviour you'll need to do something different.

在这种情况下，您可以将用户直接重定向到新页面，并显示针对具体情况的错误消息.

In this case, you could directly redirect the user to a new page with an error message tailored to the situation.

这篇关于如果用户没有渲染视图的权限(在configure.zcml上配置)，我如何提高禁止访问权限而不是重定向到login_form?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！