explicitly raise Unauthorized in BaseView if user is not allowed to access object

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@1666 fd906abe-77d9-0310-91a1-e0d9ade77398
2007-03-25 17:32:37 +00:00 · 2007-03-25 17:32:37 +00:00 · b974605dfb
commit b974605dfb
parent 0de032132c
1 changed files with 3 additions and 3 deletions
--- a/browser/common.py
+++ b/browser/common.py
@ -38,7 +38,7 @@ from zope.publisher.interfaces.browser import IBrowserSkinType
 from zope import schema
 from zope.schema.vocabulary import SimpleTerm
 from zope.security import canAccess, canWrite, checkPermission
-from zope.security.interfaces import ForbiddenAttribute
+from zope.security.interfaces import ForbiddenAttribute, Unauthorized
 from zope.security.proxy import removeSecurityProxy
 from zope.traversing.browser import absoluteURL
 from zope.traversing.api import getName
@ -97,8 +97,8 @@ class BaseView(GenericView):
        self.setSkin(self.loopsRoot.skinName)
        try:
            if not canAccess(context, 'title'):
-                #raise Unauthorized
-                request.response.redirect('login.html')
+                raise Unauthorized
+                #request.response.redirect('login.html')
        except ForbiddenAttribute:  # ignore when testing
            pass