[Zope-Annce] [Ann] Post-Authentication-Hook patch
dieter at handshake.de
Tue Sep 23 17:15:50 EDT 2003
In some case, you want to take special actions once the user has been
determined at the end of traversal. You may, e.g., want to deny
Manager role to any non HTTPS request.
This patch adds support for a *post authentication hook*. It adds code
to the 'validated_hook', called when the user is successfully
authenticated. The code tries to acquire an object
'post_authentication_hook' from 'request.PARENTS'. If this is
successful, it calls this object with the arguments 'request' and
'user'. Usually, this call will raise Unauthorized when it has
objections against the request.
More information about the Zope-Announce