ACL "Access Denied" Message is implemented with wiki page
The current situation is that when a user is denied access, they get a page reading You are not allowed to view this page. This is fine for a wiki where read-protected pages are rare. However, our corporate wiki has a default-deny policy, and most pages are not viewable unless you are logged in (to a pre-approved list of user names). Most users have not set the "Remember Me" checkbox, or their cookies get lost, so my most frequent complaint from casual users is "I can't read that link". I can then get them to log in, but I'm sure several users just gave up without telling me.
My local solution was to change Page.py to check if they are not logged in (request.user.name checks False), and print the message "This is probably because you are not logged in. Please select the 'Login' link above.". This changes the casual user's question to "What is my username and password", but it cuts down the requests a great deal.
However, I can't recommend this as a general patch, since each wiki's policy is different. However, if the "access denied" message were a wiki page, then each site could customize it for their situation. For example, I could make a short message about the security policy, add the new Login macro, and take care of most complaints. Also, I wouldn't have to re-patch Page.py with each new release.
If the message comes from a wiki page, then that page may have an ACL as well, and thus there is the possibility that the user can't see that page either. In this case, there would have to be a fallback message. ~~ JohnWhitlock
I like this. http://johannes.sipsolutions.net/patches/moin/all/2008-03-18-10%3a56/002-disallowed-page.patch -- JohannesBerg 2008-03-18 11:05:11