I figured out a way to do this, although it uses an unpublished method.

In my __before_publishing_traverse__  I do the following:

         if not request.has_key('userId'):
             #
             # Get authentication information from the REQUEST, where it
             # is held in encrypted form.
             #
             # This code is copied directly from BaseRequest.py It uses
             # an unpublished method, but I see no decent alternative.
             #
             # CKS 10/8/2002
             #
             auth=request._authUserPW()
             if auth:
                 name,password = auth
                 request['userId'] = name

However, others have posted some interesting alternative solutions
that don't involve using unpublished methods.. :)

My reason for needing this follows.  If you don't care, hit delete now :)

We are using the Command pattern, so every user gesture becomes an
execution of a Command.

Each Command is logged.  The logged Command includes the user, datetime
the command was executed, and other relevant information.

This gives us a full audit trail, undo-able commands, capability to
"replay history", etc.

The act of visiting a URL is also a Command, and is logged as such.
Why?  Because that way we can provide roughly similar functionality
to sending a package "return receipt requested"

If we send an email to a counterparty to a legal contract with a URL to
the contract, we know that they saw the contract by observing a
VisitURL Command with their user ID and the URL of the contract.
That means they read the email and clicked on the URL we sent
(or navigated to it through some other means).

My application can then automatically send notifications to others
based on the execution of the VisitURL Command.
I can send email to my group saying "So and so has seen the contract"

In this particular case, we are writing an invoicing application, so the moment
the client "sees" the invoice this way, the Net-30 clock starts ticking....

If, after a reasonable period of time, we STILL haven't seen a
VisitURL Command logged, we know that the recipient either hasn't read his
mail or hasn't clicked on the URL.  We can then send it to someone else or
call his boss and complain ;-)

--Craeg





Craeg K Strong wrote:
> Hello:
> 
> I would like to log the identity of the authenticated
> user for *every* URL traversal within my Zope Product.
> 
> For example, let's say that my forms-based web application contains 50
> screens.  They are all protected such that only authenticated users
> can view them.  Any one of them could be bookmarked, so a user could
> "jump in" at any point.
> 
> I want to record the fact that a user visited a screen, each and every
> time they do so.
> 
> A natural place to do this would be in a pre-traversal hook, but I seem
> to be stymied by the lack of authentication information in 
> __bobo_traverse__
> or __before_publishing_traverse__
> 
> Can anyone think of a way this could be done?
> 
> I suppose I could hack all of my ZPTs to call a "registerUser" method
> by putting it in an empty <span> in their shared header, but that seems
> to mix concerns.  Why should my ZPTs have knowledge of this workflow
> requirement?
> 
> Thanks in advance!
> 
> --Craeg


_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to