Hi!
Charlie Clark wrote: > Am 20.04.2010, 14:19 Uhr, schrieb yuppie<y.2...@wcm-solutions.de>: >> Charlie Clark wrote: >>> Please add a separate folder for these views. We need to separate them >>> from the content ones. > >> Why? 'browser' is a generic name, that folder is usually used for *all* >> browser views. Which folder names would you propose? > > It makes it more manageable. Anyone looking at this for the first time is > likely to get a shock when trying to work out which views are where. > > I'd like to have separate folders for "content", "login" or > "authentication", "workflow", etc. You mean subfolders of browser? At the top level I would expect more than just the browser views inside folders with these names. For now I'll keep it where it is. If we agree on a new structure, things can be easily moved around. >>> Using a view means that there is a hardcoded relation between the login >>> form and the login cookies. > >> That doesn't have to be hardcoded. We could look up the cookie settings >> in the CookieCrumbler. > > Would there be any advantage in this? CookieCrumbler doesn't seem to need > them itself if the authentication is handled in a view. For now I plan to move less out of CookieCrumbler than you seem to expect. >>> @deprecate >>> def getCookieMethod(name, default=None): >>> """ Allow overridable cookie set/expiration methods.""" >>> return getattr(name, default) > >> Why deprecated? > > I'm assuming that this related to Methods that could be stored within the > CookieCrumbler when it was still a folder. Could be. +1 if you are sure it is useless. >>> @deprecate >>> def modifyRequest(req, resp): >>> """Copies cookie-supplied credentials to the basic auth >>> fields. >>> >>> Returns a flag indicating what the user is trying to do with >>> cookies: ATTEMPT_NONE, ATTEMPT_LOGIN, or ATTEMPT_RESUME. If >>> cookie login is disabled for this request, raises >>> CookieCrumblerDisabled. >>> """ >> Why deprecated? > > I'm assuming that the login happens outside of CookieCrumbler. Please > correct me if I'm wrong on this. For now I just want to remove these lines from __call__: @@ -261,12 +260,6 @@ if req.get('disable_cookie_login__', 0): return - if (self.unauth_page or - attempt == ATTEMPT_LOGIN or attempt == ATTEMPT_NONE): - # Modify the "unauthorized" response. - req._hold(ResponseCleanup(resp)) - resp.unauthorized = self.unauthorized - resp._unauthorized = self._unauthorized if attempt != ATTEMPT_NONE: # Trying to log in or resume a session if self.cache_header_value: >>> @deprecate >>> def credentialsChanged(user, name, pw): >>> """# XXX: this method violates the rules for tools/utilities: >>> # it depends on self.REQUEST """ >> Why deprecated? > > Look at the docstring. But is it obsolete? >>> @deprecate >>> def logout(): >>> """ >>> Logs out the user and redirects to the logout page. >>> """ >> Why deprecated? > > Surely this should be handled directly by the logout form or view? If it > is kept to do the logging out, then the signature can be changed to > require the request to be passed in. Redirection should be handled by the > logout page. Right. If you write a view for that, the method might become useless. Cheers, Yuppie _______________________________________________ Zope-CMF maillist - Zope-CMF@zope.org https://mail.zope.org/mailman/listinfo/zope-cmf See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests