[Zope-dev] Re: user roles & authentication
Grant K Rauscher <grant7@sbcglobal.net>
Sat, 09 Nov 2002 19:38:39 -0800
> This is how the HTTP 1.1 specification requires it to be.
> Your browser follows this spec.
Dieter,
I understand the HTTP spec... but ZOPE does not work that way.
I can use methods which require roles above where I logged in. The
methods used for returning the roles themselves do not correlate with ZOPE's
own actions. Therefore ZOPE has an internal inconsistency regarding user
authentication with basic HTTP authorization.
> Apparently, you are using a user folder that uses basic authentication.
> There are user folders around that can (be configured to) use
> Cookie authentication. You can also use CookieCrumber for that.
Yes, I've used one or two - but I'm concerned with remedying the default
ZOPE authentication mechanism, which is broken.
> <dtml-call "REQUEST.set('roles',['Anonymous',])">
> <dtml-if AUTHENTICATED_USER>
> <dtml-call "REQUEST.set('roles',AUTHENTICATED_USER.getRoles())">
> </dtml-if>
Paul,
Thanks, but your suggestion isn't applicable since the result of
AUTHENTICATED_USER.getRoles() is wrong.
Grant K Rauscher
GeeKieR Enterprises
http://www.geekier.com/