Unexpected login behaviour

[a.rodger@…]

If you navigate to any page in Trac whilst logged in that 'anonymous' does not have privelges to view (such as browse source) and then click the logout link, you get the message

'FORBIDDEN - BROWSER_VIEW privileges are required to perform this operation'

whereas you would expect to be forwarded back to the homepage or something

Note - I have tracaccountmanager, tracwebadmin and webadminusers plugins installed using HtDigest Auth on Apache 2.0 with mod_python front if it makes any difference

[weltepe@…]

I see this too. For us, users click logout and think their logout failed because they see "Forbidden".

I think instead of just saying 'Forbidden', it should say "Access to page Some-Protected-Page forbidden (you are not logged in)". If the user is logged in but doesn't have permission, that last part should say "(you are logged in, but don't have TRAC_PRIVILEDGE_NAME priviledges)".

The worst part of the current behavior is that the reason given for the page viewing being forbidden is something like: "TICKET_VIEW privileges are required to perform this operation". The new user sees this after clicking logout, and interprets "perform this operation" to mean "logout" instead of "view page".

Related: See ​http://trac-hacks.org/ticket/671 and ​http://trac-hacks.org/ticket/1204

[Christian Boos]

In 0.11, such messages are a bit more user friendly, even prompting the user to log in if not already done.

I think it's "good enough" and better than to arbitrarily redirect to the home page. If someone has additional improvement suggestions (and preferably a patch), then please reopen.