From b974605dfb172a9acccc8266ce833f84dee6413b Mon Sep 17 00:00:00 2001
From: helmutm <helmutm@fd906abe-77d9-0310-91a1-e0d9ade77398>
Date: Sun, 25 Mar 2007 17:32:37 +0000
Subject: [PATCH] explicitly raise Unauthorized in BaseView if user is not
 allowed to access object

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@1666 fd906abe-77d9-0310-91a1-e0d9ade77398
---
 browser/common.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/browser/common.py b/browser/common.py
index 43a0637..ec05dbd 100644
--- a/browser/common.py
+++ b/browser/common.py
@@ -38,7 +38,7 @@ from zope.publisher.interfaces.browser import IBrowserSkinType
 from zope import schema
 from zope.schema.vocabulary import SimpleTerm
 from zope.security import canAccess, canWrite, checkPermission
-from zope.security.interfaces import ForbiddenAttribute
+from zope.security.interfaces import ForbiddenAttribute, Unauthorized
 from zope.security.proxy import removeSecurityProxy
 from zope.traversing.browser import absoluteURL
 from zope.traversing.api import getName
@@ -97,8 +97,8 @@ class BaseView(GenericView):
         self.setSkin(self.loopsRoot.skinName)
         try:
             if not canAccess(context, 'title'):
-                #raise Unauthorized
-                request.response.redirect('login.html')
+                raise Unauthorized
+                #request.response.redirect('login.html')
         except ForbiddenAttribute:  # ignore when testing
             pass