Re: [Zope] UserFolder Alternate Login
[EMAIL PROTECTED] writes: I need functionality that none of the UserManagers seem to address. I need to allow a user to elect to log in (and set AUTHENTICATED_USER) as opposed to have them access a restricted resource to trigger cookie authentication. Maybe, I do not understand you. But it appears to me that this is the behaviour of *all* cookie based UserFolder implementations, including GUF. GUF, especially as a "login" method which allows you to log in at will. It pops up the usual login dialog and after you provided login information and submitted the form, it calls "login_success" (which happens to be priviledged). However, after your login, *any* access of a page governed by the GUF with authenticate the user and set the cookie, whether or not the page is protected or not. Only is your "login" form action goes to a resource which is not goverend by the GUF (i.e. above in the hierarchy or in a different subpath), then the login information is lost. Dieter ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] UserFolder Alternate Login
Zopatistas, I need functionality that none of the UserManagers seem to address. I need to allow a user to elect to log in (and set AUTHENTICATED_USER) as opposed to have them access a restricted resource to trigger cookie authentication. I am essentially limited to GUF because it's the only thing I can install on my provider's system (I can't compile the LoginManager). Is there a way to allow the user to login at will, and still get AUTHENTICATED_USER set? There are no "restricted" parts of the site I am building (except for the management interface) however, I would like to generate dynamic menus (using hasrole) which allow users in specific groups (authors, members, etc) to have additional menu options. I'm hoping there is a way to do this... Thanks in advance, Darin Lee ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] UserFolder Alternate Login
Zopatistas, I need functionality that none of the UserManagers seem to address. I need to allow a user to elect to log in (and set AUTHENTICATED_USER) as opposed to have them access a restricted resource to trigger cookie authentication. You mean you want to use AUTHENTICATED_USER like a cookie, i.e. loggin in and every password authenticates? Using basic auth it might be a nice way to get cookie functionality without using cookies. You could write a custum method which triggers authentication and rewrite the method of GUF to always return 1. If someone wants to "log in", he could click on a link to this method. Maybe dtml-unless "AUTHENTICATED_USER.getUserName()=='Anonymous User'" dtml-raise type="Unauthorized" Logout!! /dtml-raise /dtml-unless You are now logged out! could be a starting point. If it is contained in standard_html_header it would force everyone to choose a user name, and in conjuction with the GUF-hack mentioned above he would always be logged in - well unless he decides to call himself "Anonymous User" (luck that this isn't coward ;). If you want to use cookies anyways, take a look at session manager or code it yourself and don't use hasrole. cheers, oliver ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] UserFolder Alternate Login
[EMAIL PROTECTED] wrote: Zopatistas, I need functionality that none of the UserManagers seem to address. I need to allow a user to elect to log in (and set AUTHENTICATED_USER) as opposed to have them access a restricted resource to trigger cookie authentication. *Ahem* Actually, Membership *does* provide login/logout forms that do not require accessing a private section of a site. I am essentially limited to GUF because it's the only thing I can install on my provider's system (I can't compile the LoginManager). Is there a way to allow the user to login at will, and still get AUTHENTICATED_USER set? Ok, that's different. Dead Simple way(tm): Make page that *does* have a need for login. Put a link to it, call the link "login". When they access the page, they wil not have permission to see it, and will thus be given a request for authentication, the logging them in part. If you put this method in the root of your site, say calling it 'login' for an id, then you could put a link in your menuing system that calls it with an href of "login". Then, in your 'login' method/page, you set it up to redirect back to the page they were on when they clicked the login link. There are several examples of this part around; search the Mailing List(s) archives. Until such time as they do log in, the user will be 'Anonymous'. As such, you would make the appearance of the login link dependant on the AUTHENTICAT_USER having the Role 'Anonymous'. Without using a cookie login system, you _must_ access a restricted resource, even if it just a redirect. That is how basic Authentication works. If you are using cookie login, there are HowTos on that around as well. You just show the user the login page. Bill Anderson ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
