HopObject.onRequest ()
function checks if there's a site in path if true it checks if the site or the user is blocked

Sourcecode in HopObject/securityFunctions.js:
1:   function onRequest() {
2:      autoLogin();
3:      // defining skinpath, membershipLevel
4:      req.data.memberlevel = null;
5:      // if root.sys_frontSite is set and the site is online
6:      // we put it into res.handlers.site to ensure that the mirrored
7:      // site works as expected
8:      if (!path.Site && root.sys_frontSite && root.sys_frontSite.online)
9:         res.handlers.site = root.sys_frontSite;
10:     if (res.handlers.site) {
11:        if (res.handlers.site.blocked)
12:           res.redirect(root.href("blocked"));
13:        if (session.user)
14:           req.data.memberlevel = res.handlers.site.members.getMembershipLevel(session.user);
15:        // set a handler that contains the context
16:        res.handlers.context = res.handlers.site;
17:     } else {
18:        // set a handler that contains the context
19:        res.handlers.context = root;
20:     }
21:  
22:     if (session.data.layout) {
23:        // test drive a layout
24:        res.handlers.layout = session.data.layout;
25:        res.message = session.data.layout.renderSkinAsString("testdrive");
26:     } else {
27:        // define layout handler
28:        res.handlers.layout = res.handlers.context.getLayout();
29:     }
30:  
31:     // set skinpath
32:     res.skinpath = res.handlers.layout.getSkinPath();
33:  
34:     if (session.user && session.user.blocked) {
35:        // user was blocked recently, so log out
36:        session.logout();
37:        res.message = new Exception("accountBlocked");
38:        res.redirect(res.handlers.context.href());
39:     }
40:     // check access, but only if user is *not* a sysadmin
41:     // sysadmins are allowed to to everything
42:     if (!session.user || !session.user.sysadmin)
43:        this.checkAccess(req.action, session.user, req.data.memberlevel);
44:     return;
45:  }