remember url where user was refused so he gets there on login

wcs/admin/root.ptl

@@ -10,6 +10,7 @@ import categories
 from menu import html_top, html_foot
 
 import wcs.errors
+from wcs import storage
 
 def gpl [html] ():
     """<p>This program is free software; you can redistribute it and/or modify it
@@ -32,6 +33,24 @@ class RootDirectory(AccessControlled, Directory): #, AccessControlled):
 
     _q_exports = ["", "settings", "forms", "roles", "users", "categories"]
 
+    def _q_access(self):
+        session = get_session()
+        user = None
+        try:
+            user = storage.get_storage().retrieve('users', session.user)
+        except KeyError:
+            pass
+
+        if not user:
+            if len(storage.get_storage().keys('users')) == 0 or session.user == 'ultra-user':
+                session.set_user('ultra-user')
+                return # bootstrapping
+            raise wcs.errors.AccessUnauthorizedError()
+
+        if not 'site-admin' in user.roles:
+            raise wcs.errors.AccessForbiddenError()
+
+
     def _q_index [html] (self):
         html_top('/')
         gpl()

wcs/liberty/root.ptl

@@ -62,6 +62,8 @@ class RootDirectory(Directory):
             session.name_identifier = ni
             session.set_user('anonymous-%s' % ni)
         response = get_response()
+        if session.after_url:
+            return redirect(session.after_url)
         response.set_status(303)
         response.headers['location'] = urlparse.urljoin(request.get_url(), str('..'))
         response.content_type = 'text/plain'

wcs/sessions.py

@@ -10,9 +10,10 @@ class BasicSession(Session, storage.Storable):
     def __init__(self, id):
         Session.__init__(self, id)
         self.name_identifier = None
+        self.after_url = None
 
     def has_info(self):
-        return self.name_identifier or Session.has_info(self)
+        return self.name_identifier or self.after_url or Session.has_info(self)
     is_dirty = has_info