[Zope] AUTHENTICATED_USER, and what you can do with it.

Martijn Pieters mj@antraciet.nl
Tue, 02 Mar 1999 15:34:37 +0100


At 14:23 02/03/99 , JP Glutting wrote:
>Does anyone have any more information on AUTHENTICATED_USER? We saw a while 
>back that it has properties (AUTHENTICATED_USER.has_role(['Manager', 
>'Editor'])). I would like to be able to get the user name, and use that to 
>index simple files for users. Is there something like 
>AUTHENTICATED_USER['UserName']?? This is essentially the information that is 
>returned if you try <!--#var AUTHENTICATED_USER-->. However, if you try 
>something like <!--#if "AUTHENTICATED_USER in objectIds()"-->, it does not 
>work.
>

Use <!--#var expr="AUTHENTICATED_USER.getUserName()"-->

More hints like this can be found in the User.py file in your
lib/python/AccessControl directory.

The following functions could be useful:

getUserName(self): Return the username of a user
getRoles(self): Return the list of roles assigned to a user. 
getDomains(self): Return the list of domain restrictions for a user
allowed(self, parent, roles=None): Check whether the user has access to parent
hasRole(self, parent, roles=None): Check whether the user has the specified roles
has_role(self, roles): Check whether the user has the specified roles

allowed & hasRole are one and the same. When called with parent=None, it
just returns whether the user has the named roles. has_role also checks for
roles, but doesn't automatically include the Anonymous role. So,
hasRole(None, 'Anonymous') always returns true, but has_role('Anonymous')
returns false for every user that has been authenticated.

Note that AUTHENTICATED_USER is always defined, also for anonymous access.

Here is a little example of what you could do with these functions:

<!--#var standard_html_header-->
<!--#comment-->Display user info<!--#/comment-->
You are the user named <!--#var expr="AUTHENTICATED_USER.getUserName()"-->.<P>

<!--#if "AUTHENTICATED_USER.getRoles()"-->
  You have the following roles:

  <UL>
  <!--#in "AUTHENTICATED_USER.getRoles()"-->
    <LI><!--#var sequence-item-->
  <!--#/in-->
  </UL>
<!--#else-->
  You have no roles defined.
<!--#/if-->
<P>

<!--#if "AUTHENTICATED_USER.getDomains()"-->
  You are allowed to log in from the following domains:

  <UL>
  <!--#in "AUTHENTICATED_USER.getDomains()"-->
    <LI><!--#var sequence-item-->
  <!--#/in-->
  </UL>
<!--#else-->
  You can log in from any domain.
<!--#/if-->
<P>

<!--#if "AUTHENTICATED_USER.has_role(['Manager'])"-->
You have the 'Manager' role.<BR>
<!--#/if-->

<!--#if "AUTHENTICATED_USER.has_role(['Anonymous'])"-->
You have the 'Anonymous' role. You are therefore an anonymous user.<BR>
<!--#/if-->

<!--#if "AUTHENTICATED_USER.has_role(['nonexistent'])"-->
You have the 'nonexistent' role.<BR>
<!--#/if-->
<!--#var standard_html_footer-->

The last call to has_role is to show that the user defined in the 'access'
file in the root folder of your Zope installation, has ALL roles, including
non-existent ones. And even more interesting, the call to getRoles() will
get you 'manage', a misspelled version of the 'Manager' role. This is
probably the only way to reliably recognize the superuser.


--
M.J. Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| Tel: +31-35-6254545 Fax: +31-35-6254555
| mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
------------------------------------------
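A small Python model of the role-check semantics described in the message above (hasRole/allowed implicitly including Anonymous, has_role not, and the 'access'-file superuser matching every role and reporting 'manage'), added here as an example; it is not Zope's own User.py and not part of the original post. The class names, the ignored `parent` argument and the `is_superuser` helper are assumptions made for the illustration.

```python
ANONYMOUS = 'Anonymous'

class User:
    """A user defined in a User Folder; roles come from that folder."""

    def __init__(self, name, roles):
        self.name = name
        self.roles = tuple(roles)

    def getUserName(self):
        return self.name

    def getRoles(self):
        return self.roles

    def hasRole(self, parent, roles=None):
        # Every request carries the Anonymous role implicitly, so
        # hasRole(None, 'Anonymous') is true for any user; 'parent'
        # (acquisition context) is ignored in this simplified model.
        roles = [roles] if isinstance(roles, str) else (roles or [])
        return any(r in set(self.roles) | {ANONYMOUS} for r in roles)

    def allowed(self, parent, roles=None):
        return self.hasRole(parent, roles)  # post: allowed == hasRole

    def has_role(self, roles):
        # Only roles actually assigned, no implicit Anonymous, so an
        # authenticated user fails has_role(['Anonymous']).
        roles = [roles] if isinstance(roles, str) else roles
        return any(r in self.roles for r in roles)


class SuperUser(User):
    """The 'access' file user: matches every role, even unknown ones."""

    def __init__(self, name):
        # getRoles() reports the misspelled 'manage' role, as the post says.
        super().__init__(name, ['manage'])

    def hasRole(self, parent, roles=None):
        return True  # any role check succeeds, including 'nonexistent'

    def has_role(self, roles):
        return True


def is_superuser(user):
    """The post's heuristic: only the superuser reports the 'manage' role."""
    return 'manage' in user.getRoles()
```

The practical consequence is that a has_role(['Manager']) test cannot be used to exclude the superuser from anything, since the superuser passes every role test; is_superuser() is the only check that distinguishes that account.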