[Zope] FW: Change roles with python

Andrew R. Halko ahalko@insivia.com
Sat, 31 May 2003 09:28:30 -0400


In User.py there are some lines:

_remote_user_mode=_remote_user_mode
_domain_auth_mode=0
_emergency_user=emergency_user
# Note: use of the '_super' name is deprecated.
_super=emergency_user
_nobody=nobody

Is all I have to change the _domain_auth_mode=0 to be 1?

Also, how would you put a range of IPs like a class C in the domain
field?

Sorry for all the questions, but here are a few just for pure interest
and not a big deal if you don't answer.  For a created user not to have
a password, do they have to have a domain restriction?  Can multiple
ones be created with the same or different restrictions?  

Thanks for everything, I was getting worried I had no way to do it.

Andrew R. Halko

-----Original Message-----
From: Dieter Maurer [mailto:dieter@handshake.de] 
Sent: Saturday, May 31, 2003 5:20 AM
To: Andrew R. Halko
Cc: Zope@zope.org
Subject: RE: [Zope] FW: Change roles with python

Andrew R. Halko wrote at 2003-5-29 15:21 -0400:
 > Well I want to give users with a certain IP range access to objects
that
 > regular visitors are not.  I have a very large organization and I
want
 > everyone in the organization to be able to view certain content and
they
 > all will be within an IP range.  Then I have another level of content
 > that a user must login to view.  Asking hundreds of people to
register
 > and also administrate them is nightmare/impossible.

The built-in UserFolder has such a feature:

  When you define a user with empty password and domain restriction,
  then requests coming from this domain are associated with this
  user provided it provides the required roles.

This feature is now disabled by default but can be enabled on
an instance base (look at the code, for details: -->
"AccessControl/User.py").


 > So I set up two Roles Intranet User and Internal User.  My objects
have
 > a state associated with them which is also associated to the various
 > roles.  Now I would like to use an access rule to check the users IP
 > address and then set the role for them to be an Intranet User.

This will not work (easily):

  Roles are managed by the User object.
  A User object is only created after traversal finished,
  there is not yet a User object when AccessRules are executed.


Dieter