Hi Titus,

What I do at ForecastWatch (http://www.forecastwatch.com) is go around
throwing an AccessError and instead throw PublishErrors instead and
catch everything in _q_exception_handler, which will allow you to return
a page.  For example, in my _q_access:

def _q_access (request):
    if request.session.user is None or not request.session.user.isValid():
        raise NotLoggedInError
    products = request.session.user.getUserProducts()
    if not products.canAccessProduct('drilldown'):
        raise TraversalError

"NotLoggedInError" is of type "PublishError".  Then in
_q_exception_handler I have:

def _q_exception_handler [html] (request, exception):
    root = request.environ['SCRIPT_NAME']
    if exception.__class__ is SessionError:
        get_session_manager().revoke_session_cookie(request)
        get_publisher().start_request(request)
        return request.redirect(request.get_path())
    elif exception.__class__ is NotLoggedInError:
        message = str("
Please Login to ForecastWatch.com
\
        The page you are trying to access requires a valid username and
password.
\
        Please enter your username and password below and you will be
redirected
\
        to the page you are trying to access.
\
        
If you are having trouble, please email support.
")
        default_page_onepane(request, root, "ForecastWatch.com Login",
login_rightpane(root, request, message, request.get_path()))
    elif exception.__class__ is TraversalError:
        ...
    else:
        raise exception

Perhaps turning what should be an AccessError into a PublishError isn't
philosophically correct, but I look at it this way...since the user
hasn't logged in and is trying to access a page that requires one, the
system can't publish that page for him :-).

Regards,
Eric



Titus Brown wrote:

>Hi all,
>
>I didn't see much (any?) mention of it on this list, but the
>PyWebOff completed a Quixote application & Michelle Levesque
>had a few problems.
>
>One of the things she wanted to do was control access by login,
>and post a login page for people who weren't logged in.  By default,
>however, exceptions raised by _q_access are printed out in escaped
>HTML, preventing redirects and forms.
>
>I suggested a namespace reorganization & a try/except clause in
>an app-specific Publisher class, but was curious to see if people on
>this list had any better suggestions.
>
>Here's my suggested code:
>--
>
>class MyPublisher(SessionPublisher):
>    ...
>
>    def try_publish(self, request, path):
>       try:
>          return SessionPublisher.try_publish(self, request, path)
>       except NotLoggedIn, e:
>          return "you should log in"  # or redirect, or form, or...
>
>--
>
>and you can read the entire thing on my advogato diary at
>
>       http://www.advogato.org/person/titus/diary.html?start=42
>
>cheers,
>--titus
>_______________________________________________
>Quixote-users mailing list
>Quixote-users@mems-exchange.org
>http://mail.mems-exchange.org/mailman/listinfo/quixote-users
>
>