http://docs.pylonsproject.org/projects/pyramid/en/1.2-branch/tutorials/wiki2/authorization.html
I think there's an error in the "Adding Authorization"
part. In login.py, login() should return in the dict:
    url = request.url,
instead of:
    url = request.application_url + '/login',
because the login view having
context='pyramid.httpexceptions.HTTPForbidden' will never match a POST
to /login, resulting in an HTTP 404 Not Found when the form is submitted.
Second, I think HTTPForbidden isn't appropriate because when a user
isn't authorized, it's not an HTTP Forbidden (403) taking place, but
rather an application-level HTTP 200 OK requiring submission of user
credentials.