Template access, redirect doesn't work

[GDmac]

1. If i have a {layout='group/_layout1'} ,
   that has only access for members,
   then the no-access redirect on the layout doesn't work
   (it just shows a blank page).

2. in general the no-access redirect is unclear,
   as it does not do a redirect but show the other content in place (see below)

---

Clarification

//  template group/_layout1 (Access: members only, no-access redirect: group/nope)
info: {layout:contents}

//  template group/test (Access: all)
{layout='group/_layout1}
Hello world

//  template group/nope (Access: all)
Nope

1. Bug
   When logged in and visiting group/test you get, info: Hello world
   When logged out (e.g. private window) you get a blank page
   Expected output, Nope (due to the no-access redirect on layout)
   (When setting no-access on group/test template, then the "nope" is shown, it does not work for layouts)

2. in-discrepancy
   In general, the template setting "No access redirect" has unclear wording.
   It redirects the "template-engine" to use and show another template in its place,
   instead of redirecting the "user" to another group/template as the wording suggests.
   It just serves the group/nope content on group/test url with a 200 header

   What is expected, depends on the programmers intention
   - 403 / 200 shown in place on current uri (e.g. content with link to login-page)
   - 302 redirect to another page (e.g. http redirect to login-page)
   - showing 404 content in place almost never seems adequate, because the resource does exist but has access restrictions

[nep]

I'm having trouble following this -- can you explain?

[GDmac]

I have updated the issue with examples, hope it is more clear now

[intoeetive]

@GDmac thank you for the report.

I believe the first part should be treated as a bug, so submitting a fix

However as of second part (redirect type) there is variety of options (i.e. HTTP response headers - just like you mention). In my opinion, this would be developer's job to set the correct HTTP header using "HTTP Header" plugin that's bundled with EE.
Alternatively, we may consider adding an extra setting for HTTP Header - but we should not assume anything by default, as it will change behaviour for existing sites

[GDmac]

IMO at least the wording on the template access page should be changed to clarify.
because the user is not redirected, the selected template is shown in place on this current templates url.
e.g. No Access, select template to be used for unauthorized users

[intoeetive]

@robinsowell I'm interested to know your opinion on this. I think it should be just "No access template" and "Template to show to unauthorized user" as that's what it is, but maybe you have better wording

[matthewjohns0n]

I reviewed @intoeetive's code change and approved it. I am also wondering what @robinsowell thinks before we merge and release though.

[robinsowell]

Definitely agree, #1 was buggy!

Also agree on #2, the behavior shouldn't change, but it's a good point about 'redirect' being misleading. The first time I ran into it I thought 'huh, that wasn't quite what I thought it meant'. Redirect has a pretty standard interpretation, and what we do there isn't really it.

Maybe:
'No Access Template' instead of 'No access redirect'.
'Template contents to display for unauthorized users' instead of 'Page to redirect unauthorized users to'.

I think it's just a language tweak, and worth doing.

[GDmac]

Great, thank you