How a Request is Processed

This is what happens to a request when it is received:

1. Find out if this URL exists
   Match this URL against the set of URL patterns in the system. If there is no match, return a 404 Not Found response and end processing, otherwise continue.
2. Attempt to determine an authenticated user
   If this succeeds, the user property on the request object is set to the authenticated user, otherwise it is set to the default user.
3. Find out whether the current user is allowed to perform the requested operation
   Determined according to the access rules; if not allowed, reply with the appropriate response code (401 Unauthorized or 404 Not Found depending on the visibility of the object) and end request processing
4. perform the requested operation
   The result is a response object containing the status code, optional headers, and body content (an object, which will be rendered as in point 4)
5. render the response
   The following is taken into account when determining how to render it, in order of decreasing priority:
   • the format or lang query parameter in the URL
   • a format or lang cookie
   • the request Accept or Accept-Language headers (processed according to the RFC2616)
     Note: if too many browsers send too evil Accept headers, I may decide to disregard it.
   • defaults: format=html, lang=en

After the response is rendered, processing ends.