[Zope-dev] Login/Authentication/Authorization tools wrt SquishDot
Martijn Pieters
mj@antraciet.nl
Wed, 25 Aug 1999 20:14:21 +0200
At 15:07 25-8-99, Neal Holtz wrote:
> 1. A way to identify in DTML the rights of the current user, so
> pages can be adapted. I would like to get the loginId for the
> user, but more important, I think, would be just a way to
> test for various roles. EG: "is the current user a registered
> student?", etc.
The AUTHENTICATED_USER object has several methods that are of use here.
The one you want to use is has_role:
<!--#if "AUTHENTICATED_USER.has_role(['Role1', 'Role2'])"-->
This text will only be visible to users that have a 'Role1' or 'Role2' role.
<!--#/if-->
> A Quick reading of Publish.py (in Zope 1.10.3) seems to show all
> the authorization logic deeply bound into method 'publish', and
> it would be nice to have that brought out into a separate method.
The AUTHENTICATED_USER code can be found in
lib/python/AccessControl/User.py, in the classes BasicUser and User (the
latter is a subclass of the first).
> 2. A way to import a few hundred userids, passwords, and roles,
> from our own registration databases. Or would it be better
> to let the webserver authenticate people? - I was going to let
> Zope do it.
For this you could use UserDB. It is an alternative UserFolder object, that
lets you authenticate users against a database. It can be adjusted to fit
any existing database schema. You can download the UserDB product from:
http://www.zope.org/Download/Prereleases/UserDB
> 3. A way to have a 'login' link that allows a user to change their
> identities at any time (more useful for me during testing, but I
> would like anyone to be able to view pages anonymously at
> any time, but only have to login when they wish to post an
> unmoderated response to an article.
One of the nice extras that UserDB offers is cookie-based authentication.
Normally Zope uses the HTTP Basic Authentication protocol, and current
browser implementations make it difficult to switch username and password
within a website. With UserDB, you can easily give the user a webpage where
they can offer a new username and password combination to switch Roles, or
a logout page to switch back to the Anonymous Role.
--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| T: +31 35 7502100 F: +31 35 7502111
| mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
---------------------------------------------
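
Added example (not part of the original message, and not Zope or UserDB code): a Python illustration of why cookie-based login makes switching identity easier than HTTP Basic Authentication, as the reply above describes. The cookie name demo_auth, the session table and the sample credentials are assumptions constructed for this illustration.

```python
import base64
from http.cookies import SimpleCookie

COOKIE = "demo_auth"  # hypothetical cookie name, not UserDB's

# Constructed sample: what a browser sends on EVERY request under Basic auth.
SAMPLE_BASIC = "Basic " + base64.b64encode(b"student1:s3cret").decode()

def parse_basic_auth(header):
    """Return (user, password) from an Authorization header, or None.

    Base64 is an encoding, not encryption: the password is recoverable from
    each request, and the server has no standard way to make the browser
    forget it, which is why switching users is awkward.
    """
    scheme, _, value = header.partition(" ")
    if scheme.lower() != "basic" or not value:
        return None
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers bad base64 and bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def login_cookie(token):
    """Set-Cookie value carrying an opaque server-side session token."""
    jar = SimpleCookie()
    jar[COOKIE] = token
    jar[COOKIE]["path"] = "/"
    jar[COOKIE]["httponly"] = True  # keep the token away from page scripts
    jar[COOKIE]["secure"] = True    # only send it over HTTPS
    return jar[COOKIE].OutputString()

def logout_cookie():
    """Set-Cookie value that makes the browser drop the session cookie."""
    jar = SimpleCookie()
    jar[COOKIE] = "deleted"
    jar[COOKIE]["path"] = "/"
    jar[COOKIE]["max-age"] = 0      # expire immediately
    return jar[COOKIE].OutputString()

def current_user(headers, sessions):
    """Map the request's cookie to a user; no valid cookie means Anonymous."""
    morsel = SimpleCookie(headers.get("Cookie", "")).get(COOKIE)
    return sessions.get(morsel.value, "Anonymous") if morsel else "Anonymous"
```

With the cookie scheme, a logout page only has to return the logout_cookie() header; the server should also delete the token from its session table so a replayed cookie no longer resolves to a user.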