Normally I grouse about 3.x being needlessly obtuse relative to 2.x and 1.x.
This time, I’m wondering about something that’s ALWAYS been an issue for me with ALL versions.
I’m talking about the “You are not authorized to access that location” message that comes up when you log out and when you first hit the area you want to access. Deep links, sure, flash the error message. But if I’m on the front page, that’s ridiculous. If I have just logged out, that’s absurd.
I’ve instead opted to suppress the Auth messages entirely (ever so helpful documentation claims you can suppress it until after the user has logged in, which is an absurd proposition since once the user has logged in there is no longer a need for these messages). And try as I might, I’ve never been able to successfully edit that message (for some reason I end up with two messages that have no predictable behavior).
But this has the downside that if a user does try to access a deep link for which they need to be logged in, there’s no error message telling them that. All there is is the login form. Not terrible, but still, why have the auth error messages if you can’t use them in a user-friendly manner?
On a related note:
I would HUGELY prefer if the auth module were an invisible controller EMBED instead of redirect for users. It feels hacky to see the “/users/login” in my history. If I access a protected page, the login prompt should just appear instead of that page and once successfully logged in, the page is revealed and there is no history of the login action to go back to.
Same for logout.