RE: [Zope] hasRole bug or feature in 2.2.?

Randall F. Kern Sat, 13 Jan 2001 13:28:28 -0800
> From: Ron Bickers [mailto:[EMAIL PROTECTED]]

> If this is true, it explains clearly Zope's behavior.  It's really a
browser
> "feature" and not a Zope issue at all.



Yes, that's the problem.

My solution is to use a custom UserFolder, which sets a temporary cookie
when a normal HTTP login is accepted.  This cookie is then used for
further validation.  The class I use is rather complex, providing
persistent login in addition to these features, and randomly re-creating
the cookie so one can't easily spoof a user, but this simple class will
get you going:

class UserFolder(AccessControl.User.BasicUserFolder):
        def validate(self, request, auth='', roles=None):
                user = AccessControl.User.BasicUserFolder.validate(self,
request, auth, roles)
                if user is AccessControl.User.nobody or user is None:
                        if request.cookies.has_key('login'):
                                user =
self.getUser(request.cookies['login'])
                else:
                        request.response.setCookie('login',
user.getUserName(), path='/')

                return user


-Randy

_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] hasRole bug or feature in 2.2.?

Reply via email to
