> login form, and then check for it on valid login. If it exists,
> redirect. Otherwise, serve the default protected screen.
Ok, so you start with a request object, and likely, you have a plugin
that retrieves the role of the requesting client and compares the
requested resource against a set of rules.
Hence, when the user has a certain role (e.g., "guest") he may not be
granted access to a certain resource as it's not listed in the ACL.
So, maybe that resource exists, maybe it doesn't. How would you know?
Best regards,
Andreas
没有评论:
发表评论