Dieter writes:
If I can't safely assume any of the above, would I be better off using a
session product to track a user after log in so I can determine their roles
from an unprotected document? Any other ways?
If the session product uses cookies, you will have a situation
similar to
Chris McDonough wrote:
I'll trust that you're right, Dieter, because reading the traversal
machinery code makes my head hurt. :-)
Likewise... I'm sure that's not a good thing ;-)
cheers,
Chris
___
Zope maillist - [EMAIL PROTECTED]
Ron Bickers writes:
I think I understand, but correct me if I'm wrong. The problem is that my
browser is not even *sending* the authentication information to the other
parts of the site until I first access a protected document at the root
level. That is, the browser only continues to
: Friday, January 12, 2001 5:00 PM
Subject: Re: [Zope] hasRole bug or feature in 2.2.?
Chris McDonough writes:
You didn't protect the isMember document. It's viewable by Anonymous.
The
Zope security machinery short-circuits authentication for resources
that
don't require it. This mean
From: Ron Bickers [mailto:[EMAIL PROTECTED]]
If this is true, it explains clearly Zope's behavior. It's really a
browser
"feature" and not a Zope issue at all.
Yes, that's the problem.
My solution is to use a custom UserFolder, which sets a temporary cookie
when a normal HTTP login is
Chris McDonough writes:
You didn't protect the isMember document. It's viewable by Anonymous. The
Zope security machinery short-circuits authentication for resources that
don't require it. This means that when you view a resource that's
unprotected, you view it "as Anonymous".
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Dieter Maurer
Sent: Friday, January 12, 2001 5:00 PM
To: Chris McDonough
Cc: [EMAIL PROTECTED]
Subject: Re: [Zope] hasRole bug or feature in 2.2.?
However, if previously a protected object
I'm having a problem with AUTHENTICATED_USER.hasRole()
I have a user with the role 'Member' defined at the root level (and nowhere
else). I also have the following DTML method at the root level:
dtml-if "REQUEST['AUTHENTICATED_USER'].hasRole(PARENTS[-1], ['Member'])"
You are a Member.
ss of the protection on the resource you're trying
to view.
- Original Message -
From: "Ron Bickers" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, January 11, 2001 5:01 PM
Subject: [Zope] hasRole bug or feature in 2.2.?
I'm having a problem with AUTHENTICATED_USER.hasRole()
-Original Message-
From: Chris McDonough [mailto:[EMAIL PROTECTED]]
Sent: Thursday, January 11, 2001 6:25 PM
To: Ron Bickers; [EMAIL PROTECTED]
Subject: Re: [Zope] hasRole bug or feature in 2.2.?
You're gonna laugh. Get ready.
You didn't protect the isMember document. It's
10 matches
Mail list logo