[Zope-dev] (no subject)

Will Fife will@techfuel.com
Thu, 24 Jun 1999 13:23:19 -0700 (PDT)


I have noticed some odd behavior when using the UserDb module for
authentication on a sub folder.

Lets say that my root folder is protected through the normal zope
authentication, and I have a folder off of it called "spam" that is
protected using the UserDb module with cookie authentication.

The User tries to access the root folder and it pops up the normal
netscape authorization window, and the user tried to authenticate, but
does not have a valid account.  The user then tries to access the "spam"
folder which is using the UserDb module, it tries to authenticate the user
using the standard netscape authentication, not the cookie authentication,
and the user will be unable to authenticate, even with a correct
user/password combination.




On Thu, 24 Jun 1999, Jim Washington wrote:

> So I am working for this professor, and he wants a temporary file drop
> location for students to put their class assignments on the server.
> 
> I say: Zope. (of course).  No worrying about network protocols. 
> Accessible from anywhere there is a browser, secure, etc, etc. Plus,
> removing the users and files later on would be just a few clicks...
> Magic!
> 
> I set the professor up as Manager of a Zope folder, and under that
> folder, I set-up some folders for the students.  They have individual
> Manager rights in their subfolders, so all they have to do is upload
> their files, and all I have to do is put together a few lines of  DTML
> making appropriate links in a document in the upper folder to nicely
> display the files in the student folders.
> 
> The problem is that once a student has logged in as Manager of a
> subfolder and added their files, they cannot view the public interface
> in the professor's folder until they quit and restart the web browser. 
> By logging in as a manager of a subfolder, they lose rights to view
> stuff they could view "anonymous"-ly.  This is with Zope-1.10.3b1, but
> 2.0a3 seems to have the same behavior.
> 
> I had never noticed this before.  Then again, I am always using Zope as
> Manager from the top level. or purely anonymously.
> 
> Anyway, this could be a word of warning for similar situations or a bug
> report or a request for suggestions how I could have done this better. I
> can't decide, so I thought I would just tell the story.
> 
> Regards,
> 
> -- Jim Washington
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://www.zope.org/mailman/listinfo/zope
> 
> (For developer-specific issues, use the companion list,
> zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )
> 

--------========================================================--------
Phone: (949) 581-1700         Will Fife	 	 http://www.techfuel.com
Pager: (949) 451-9443      System Engineer             will@techfuel.com
--------========================================================--------