Re: [Zope-dev] How can I find out who visited a URL within my ZopeProduct?
Steve Alexander wrote: My application can then automatically send notifications to others based on the execution of the VisitURL Command. I can send email to my group saying So and so has seen the contract Incorrect. This shows that they read the original email, and intended to view the contract at the URL. However, after that point, we only know that Zope attempted to send the page at the URL back to the browser. You have no proof that such data was ever received by the browser in any way meaningful to the end-user. This gets even more complicated when http proxies are involved. You are right, of course, but I believe that, for our purposes, this is a distinction without a difference. The notification is purely for administrative purposes-- just a convenient reminder to our client if their invoice has not been paid yet. If *their* client denies that they have seen the invoice, we don't have a legal basis for non-repudiation, but as it turns out, this is a pretty rare problem in practice. I suppose the only way to legally guarantee that someone has seen something delivered as a web page is for them to attach their digital signature to the form and submit it back to the server. Ultimately we will probably have to do this, but for now the VisitURL notification is enough... --Craeg ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] How can I find out who visited a URL within my ZopeProduct?
If we send an email to a counterparty to a legal contract with a URL to the contract, we know that they saw the contract by observing a VisitURL Command with their user ID and the URL of the contract. That means they read the email and clicked on the URL we sent (or navigated to it through some other means). Correct. My application can then automatically send notifications to others based on the execution of the VisitURL Command. I can send email to my group saying So and so has seen the contract Incorrect. In this particular case, we are writing an invoicing application, so the moment the client sees the invoice this way, the Net-30 clock starts ticking This shows that they read the original email, and intended to view the contract at the URL. However, after that point, we only know that Zope attempted to send the page at the URL back to the browser. You have no proof that such data was ever received by the browser in any way meaningful to the end-user. This gets even more complicated when http proxies are involved. -- Steve Alexander ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] How can I find out who visited a URL within my ZopeProduct?
Much easier and nicer is to use an Access Rule (look in the Add drop-down). Tim Craeg K Strong wrote: Hello: I would like to log the identity of the authenticated user for *every* URL traversal within my Zope Product. For example, let's say that my forms-based web application contains 50 screens. They are all protected such that only authenticated users can view them. Any one of them could be bookmarked, so a user could jump in at any point. I want to record the fact that a user visited a screen, each and every time they do so. A natural place to do this would be in a pre-traversal hook, but I seem to be stymied by the lack of authentication information in __bobo_traverse__ or __before_publishing_traverse__ Can anyone think of a way this could be done? I suppose I could hack all of my ZPTs to call a registerUser method by putting it in an empty span in their shared header, but that seems to mix concerns. Why should my ZPTs have knowledge of this workflow requirement? Thanks in advance! --Craeg ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope ) -- Tim McLaughlin Chief Technology Officer Siteworx, Inc... Set your site on the future! 703.390.5421 ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] How can I find out who visited a URL within my ZopeProduct?
I figured out a way to do this, although it uses an unpublished method.
In my __before_publishing_traverse__ I do the following:
if not request.has_key('userId'):
#
# Get authentication information from the REQUEST, where it
# is held in encrypted form.
#
# This code is copied directly from BaseRequest.py It uses
# an unpublished method, but I see no decent alternative.
#
# CKS 10/8/2002
#
auth=request._authUserPW()
if auth:
name,password = auth
request['userId'] = name
However, others have posted some interesting alternative solutions
that don't involve using unpublished methods.. :)
My reason for needing this follows. If you don't care, hit delete now :)
We are using the Command pattern, so every user gesture becomes an
execution of a Command.
Each Command is logged. The logged Command includes the user, datetime
the command was executed, and other relevant information.
This gives us a full audit trail, undo-able commands, capability to
replay history, etc.
The act of visiting a URL is also a Command, and is logged as such.
Why? Because that way we can provide roughly similar functionality
to sending a package return receipt requested
If we send an email to a counterparty to a legal contract with a URL to
the contract, we know that they saw the contract by observing a
VisitURL Command with their user ID and the URL of the contract.
That means they read the email and clicked on the URL we sent
(or navigated to it through some other means).
My application can then automatically send notifications to others
based on the execution of the VisitURL Command.
I can send email to my group saying So and so has seen the contract
In this particular case, we are writing an invoicing application, so the moment
the client sees the invoice this way, the Net-30 clock starts ticking
If, after a reasonable period of time, we STILL haven't seen a
VisitURL Command logged, we know that the recipient either hasn't read his
mail or hasn't clicked on the URL. We can then send it to someone else or
call his boss and complain ;-)
--Craeg
Craeg K Strong wrote:
Hello:
I would like to log the identity of the authenticated
user for *every* URL traversal within my Zope Product.
For example, let's say that my forms-based web application contains 50
screens. They are all protected such that only authenticated users
can view them. Any one of them could be bookmarked, so a user could
jump in at any point.
I want to record the fact that a user visited a screen, each and every
time they do so.
A natural place to do this would be in a pre-traversal hook, but I seem
to be stymied by the lack of authentication information in
__bobo_traverse__
or __before_publishing_traverse__
Can anyone think of a way this could be done?
I suppose I could hack all of my ZPTs to call a registerUser method
by putting it in an empty span in their shared header, but that seems
to mix concerns. Why should my ZPTs have knowledge of this workflow
requirement?
Thanks in advance!
--Craeg
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
