Hello!

Until Zope 2.8.3 it was possible to access the name of the logged-in user also in a publicly accessible method. A thing I used quite often is hiding links which were not accessible for an anonymous user but show them in case the user has authenticated itself somewhere else in the site:

<dtml-if "AUTHENTICATED_USER.has_role('Manager')">
| <a href="manage">Manage</a>
</dtml-if>

This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0. AUTHENTICATED_USER or _.SecurityGetUser().getUserName() is set to "Anonymous User" as long as the method does not require a login. When a login is required, AUTHENTICATED_USER is filled correctly but an unprivileged user is no longer able to access the document.

I'm not sure if I should see this as a bug or a feature and I was not able to find the change in a diff of the sources. Could you tell me more about this behavior?

Beat

--
     \|/                           Beat Rubischon <beat@0x1b.ch>
   ( 0^0 )                             http://www.0x1b.ch/~beat/
oOO--(_)--OOo---------------------------------------------------
My experiences, thoughts and dreams: http://www.0x1b.ch/blog/

Beat Rubischon wrote at 2006-2-3 14:10 +0100:
> Until Zope 2.8.3 it was possible to access the name of the logged-in user also in a publicly accessible method.
> ..
> This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0.

Zope development seems a bit chaotic:

What you describe now was the standard Zope behaviour for a long time. Then developers realized that this "feature" (suppressing authentication for public objects) brings more pain than gain and disabled it.

Apparently, a new generation of Zope developers lost the old wisdom and reenabled the misfeature....

I (at your place) would file a bug report, citing the old problem reports (to be found in the mailing list archive).

--
Dieter

--On 3 February 2006 23:22:00 +0100 Dieter Maurer <dieter@handshake.de> wrote:
> Beat Rubischon wrote at 2006-2-3 14:10 +0100:
>> Until Zope 2.8.3 it was possible to access the name of the logged-in user also in a publicly accessible method.
>> ..
>> This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0.
>
> Zope development seems a bit chaotic:
>
> What you describe now was the standard Zope behaviour for a long time.

Perhaps chaotic because of the lack of developer resources? :-)

-aj

Andreas Jung wrote at 2006-2-4 06:56 +0100:
> ...
> --On 3 February 2006 23:22:00 +0100 Dieter Maurer <dieter@handshake.de> wrote:
>> Beat Rubischon wrote at 2006-2-3 14:10 +0100:
>>> Until Zope 2.8.3 it was possible to access the name of the logged-in user also in a publicly accessible method.
>>> ..
>>> This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0.
>>
>> Zope development seems a bit chaotic:
>>
>> What you describe now was the standard Zope behaviour for a long time.
>
> Perhaps chaotic because of the lack of developer resources? :-)

It takes less developer resources to keep misfeatures disabled (rather than reenable them) :-)

--
Dieter

Hello!

On 3.2.2006 at 14:10, "Beat Rubischon" <beat@0x1b.ch> wrote:
> Until Zope 2.8.3 it was possible to access the name of the logged-in user also in a publicly accessible method.
> This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0.

Finally, I found the bug: Zope is OK, it was my browser session which seemed to be screwed up *shame*

I restarted Zope several times, installed alternate versions - but I never restarted my Firefox, nor did I try a different browser or a different client. Yesterday I tried to reconstruct the bug on my office PC and everything went OK.

Sorry for the disruption!

Beat

--
     \|/                           Beat Rubischon <beat@0x1b.ch>
   ( 0^0 )                             http://www.0x1b.ch/~beat/
oOO--(_)--OOo---------------------------------------------------
My experiences, thoughts and dreams: http://www.0x1b.ch/blog/