[Zope] Struggling with Permissions
Hi all
I've run into something baffling regarding authentication.
For debugging purposes, my standard_html_header tells me:
(I'm emdtml-var "AUTHENTICATED_USER.getUserName()"/em and I have
emdtml-var "AUTHENTICATED_USER.getRoles()"/em role(s).)
When I visit /docs, it tells me:
(I'm Anonymous User and I have Anonymous role(s).)
That's cool. Now I visit:
/docs/manage_addProduct/ccDoc/ccDocClass_factory
via a link from /docs, and I am prompted for username and
password. I add an instance of my ZClass, and am redirected
to /docs:
dtml-if "AUTHENTICATED_USER.has_role('ContentManager')"
dtml-comment njj: Called from the public interface
/dtml-comment
dtml-call "RESPONSE.redirect(
DestinationURL+'/index_html')"
dtml-else
dtml-call "RESPONSE.redirect(
DestinationURL+'/manage_workspace')"
/dtml-if
(this is from ccDocClass_add). When I arrive I *still* see:
(I'm Anonymous User and I have Anonymous role(s).)
Now I edit the URL manually and visit /docs/manage, which
works *without* prompting me for authentication. I edit the
URL back to /docs, and now I see:
(I'm docEditor and I have ContentManager and Manager role(s).)
Also, this doesn't *always* happen. Perhaps it's an IE problem?
Does anyone know exactly how this works?
--
Jean Jordaan --technical writer--
Mosaic Sofware --Zope 2.16 on W2K
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Struggling with Permissions
On Tue, 15 Aug 2000, Jean Jordaan wrote: (this is from ccDocClass_add). When I arrive I *still* see: (I'm Anonymous User and I have Anonymous role(s).) Now I edit the URL manually and visit /docs/manage, which works *without* prompting me for authentication. I edit the URL back to /docs, and now I see: (I'm docEditor and I have ContentManager and Manager role(s).) Also, this doesn't *always* happen. Perhaps it's an IE problem? Does anyone know exactly how this works? My bet is that this is a browser caching issue. Click on the link that takes you back to the original page, get the cached page. Edit the URL, edit the URL *back*, now you've undoubtably hit return in the URL box, and IE (sometimes) does a page refresh at that point. --RDM ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Struggling with Permissions
Hi RDM My bet is that this is a browser caching issue. Mine too. But how does everyone else manage authentication? -- Jean Jordaan --technical writer-- Mosaic Sofware --Zope 2.16 on W2K ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Struggling with Permissions
Jean Jordaan writes: ... anonymous user despite authentication (this is from ccDocClass_add). When I arrive I *still* see: I may be a cache issue as suggested earlier in the list. However, I may also be a Zope feature. When you access an unprotected object, Zope may not determine the "true" authenticated user but simply return the anonymous user object. This is nasty, if user objects have additional properties or additional roles that are inspected in an unprotected page. Dieter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
