At 15:07 25-8-99, Neal Holtz wrote:
> 1. A way to identify in DTML the rights of the current user, so pages can be adapted. I would like to get the loginId for the user, but more important, I think, would be just a way to test for various roles. EG: "is the current user a registered student?", etc.
The AUTHENTICATED_USER object has several methods that are of use here. The one you want to use is has_role:

  <!--#if "AUTHENTICATED_USER.has_role(['Role1', 'Role2'])"-->
    This text will only be visible to users that have a 'Role1' or 'Role2' role.
  <!--#/if-->
> A quick reading of Publish.py (in Zope 1.10.3) seems to show all the authorization logic deeply bound into method 'publish', and it would be nice to have that brought out into a separate method.
The AUTHENTICATED_USER code can be found in lib/python/AccessControl/User.py, in the classes BasicUser and User (the latter is a subclass of the first).
> 2. A way to import a few hundred userids, passwords, and roles, from our own registration databases. Or would it be better to let the webserver authenticate people? - I was going to let Zope do it.
For this you could use UserDB. It is an alternative UserFolder object that lets you authenticate users against a database. It can be adjusted to fit any existing database schema. You can download the UserDB product from: http://www.zope.org/Download/Prereleases/UserDB
> 3. A way to have a 'login' link that allows a user to change their identities at any time (more useful for me during testing, but I would like anyone to be able to view pages anonymously at any time, but only have to login when they wish to post an unmoderated response to an article).
One of the nice extras that UserDB offers is cookie-based authentication. Normally Zope uses the HTTP Basic Authentication protocol, and current browser implementations make it difficult to switch username and password within a website. With UserDB, you can easily give the user a webpage where they can offer a new username and password combination to switch Roles, or a logout page to switch back to the Anonymous Role.

--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| T: +31 35 7502100 F: +31 35 7502111
| mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149