Am 20.04.2010, 12:53 Uhr, schrieb yuppie <y.2...@wcm-solutions.de>: > Proposal: > Meanwhile a much better hook exists for exception handling: Exception > views. I propose to move most of the Unauthorized handling to a new > exception view in the ICMFDefaultSkin layer.
Please add a separate folder for these views. We need to separate them from the content ones. BTW. (For pedagogic reason I'm not too keen on EditForms being used when objects aren't being edited.) > All Unauthorized exceptions inside a CMF site are converted by the view. > Into a Redirect exception for anonymous users and into a Forbidden > exception for authenticated users. > The redirect target is looked up in the 'user/login' Action, making > CookieCrumbler's auto_login_page setting obsolete. The unauth_page > setting will no longer be supported. > CookieCrumbler and therefore CMFCore will loose the redirect feature. > If there are no objections, I'll check in that change on CMF trunk. This is great. Having looked at the CookieCrumbler code, and its change log, it's that it hasn't seen much love in the last five years, while Zope and the rest of the CMF have come along in leaps and bounds. So +1 from me but as per my other e-mails - what will the CookieCrumbler do afterwards? Using a view means that there is a hardcoded relation between the login form and the login cookies. This is the current interface for ICookieCrumbler with proposed deprecation decorators class ICookieCrumbler(Interface): """Reads cookies during traversal and simulates the HTTP auth headers. """ @deprecate auth_cookie = Attribute("""The key of the authorisation cookie""") @deprecate name_cookie = Attribute("""They key of the authorised user cookie""") @deprecate pw_cookie = Attribute("""The key of the password cookie""") persist_cookie = Attribute("""The key of the persistent cookie""") local_cookie_path = Attribute("""If True, the cookie tied to the local path?""") cache_header_value = Attribute("""If present, the login page will not be cached""") log_username = Attribute("""If True, the username will in appear in Zope's log""") def delRequestVar(req, name): """No errors of any sort may propagate, and we don't care *what* they are, even to log them.""" def getCookiePath(): """Get the path for the cookie the parent URL if local_cookie_path is True otherwise /""" return path @deprecate def getCookieMethod(name, default=None): """ Allow overridable cookie set/expiration methods.""" return getattr(name, default) def defaultSetAuthCookie(resp, cookie_name, cookie_value): """Set the authorisation cookie""" def defaultExpireAuthCookie(resp, cookie_name): """Expire the cookie""" def _setAuthHeader(ac, request, response): """Set the auth headers for both the Zope and Medusa http request objects. """ @deprecate def modifyRequest(req, resp): """Copies cookie-supplied credentials to the basic auth fields. Returns a flag indicating what the user is trying to do with cookies: ATTEMPT_NONE, ATTEMPT_LOGIN, or ATTEMPT_RESUME. If cookie login is disabled for this request, raises CookieCrumblerDisabled. """ def __call__(container, req): """The __before_publishing_traverse__ hook.""" @deprecate def credentialsChanged(user, name, pw): """# XXX: this method violates the rules for tools/utilities: # it depends on self.REQUEST """ @deprecate def _cleanupResponse(): """# XXX: this method violates the rules for tools/utilities: # it depends on self.REQUEST""" @deprecate def unauthorized(): """Remove authentication cookies and redirect to standard unauthorized""" @deprecate def _unauthorized(): """Remove authentication cookies and redirect to standard _unauthorized""" @deprecate def getUnauthorizedURL(): """ Redirects to the login page. """ @deprecate def logout(): """ Logs out the user and redirects to the logout page. """ def propertyLabel(id): """Return a label for the given property id """ I'm more than happy to help with this if there is anything I can do that doesn't mean you spend more time answering my questions than it would take to do the work! :-) Charlie -- Charlie Clark Managing Director Clark Consulting & Research German Office Helmholtzstr. 20 Düsseldorf D- 40215 Tel: +49-211-600-3657 Mobile: +49-178-782-6226 _______________________________________________ Zope-CMF maillist - Zope-CMF@zope.org https://mail.zope.org/mailman/listinfo/zope-cmf See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests