[Zope-CMF] Require Login and Members only CMF
Mike Forster
mike@sharedlogic.ca
Tue, 14 Aug 2001 02:58:07 -0500
On Mon, 09 Jul 2001, Shane Hathaway wrote:
> Put all of your site content in a folder. In that folder, visit the
> Security tab. Disallow the "View" and "Access contents information"
> permissions for the Anonymous role. That way, users who haven't logged
> in won't be able to access anything in the folder.
>
> Don't turn off the View permission for the site root, though, since that
> will prevent users from viewing the login page... unless you don't mind
> using basic auth instead of cookies.
On Wed, 18 Jul 2001, Tres Seaver wrote:
> Go to the "Security" tab of a CMFSite, and remove all anonymous
> permissions (uncheck acquired, too). Voila! you have what you
> want.
I found that for the Anonymous role, I needed "Access contents information"
enabled in the root and "View" enabled in either the root or the CMF folder,
to avoid a redirection loop. No problem.
Now I get the login form right away, as desired. Good. Click "Home" or
"News" and I get redirected to the login form. Great. HOWEVER, click the
"GO" button or type in the ".../search" URL (not .../search_form) and an
unauthenticated user IS IN! Not good.
Any thoughts? I'm running CMF 1.1 on Zope 2.3.3 on Slackware 8.0.
--
Mike Forster
mike@sharedlogic.ca
.