How a Request is Processed

This is what happens to a request when it is received:

1. Find out if this URL exists
   Match this URL against the set of URL patterns in the system. If there is no match, return a 404 Not Found response and end processing, otherwise continue.
2. Attempt to determine an authenticated user
   • if this succeeds, the user property on the request object is set to the authenticated user
   • if this fails, the user property is set to the default user
3. Find out whether the current user is allowed to perform the requested operation
   • determined according to the access rules
   • if not allowed, reply with the appropriate response code (401 Unauthorized or 404 Not Found depending on the visibility of the object) and end request processing
4. perform the requested operation
   • the result is a response object containing the status code, optional headers, and body content (an object, which will be rendered as in point 4)
5. render the response
   • the following is taken into account when determining how to render it, in order of decreasing priority:
     • the format or lang query parameter in the URL
     • a format or lang cookie
     • the request Accept or Accept-Language headers (processed according to the RFC2616)
       Note: if too many browsers send too evil Accept headers, I may decide to disregard it.
     • defaults: format=html, lang=en

After the response is rendered, processing ends.