-----Original Message-----
From: Martijn Pieters [mailto:mj@antraciet.nl]
Sent: Tuesday, March 02, 1999 9:35 AM
To: JP Glutting; zope@zope.org
Subject: [Zope] AUTHENTICATED_USER, and what you can do with it.

This is an excellent post. I want to add that _getPassword() is a handy function also if you want to use your Zope user to authenticate into an external system, like POP3 or IMAP.

-Michel
Use <!--#var expr="AUTHENTICATED_USER.getUserName()"-->
More hints like this can be found in the User.py file in your lib/python/AccessControl directory.
The following functions could be useful:
getUserName(self): Return the username of a user.
getRoles(self): Return the list of roles assigned to a user.
getDomains(self): Return the list of domain restrictions for a user.
allowed(self, parent, roles=None): Check whether the user has access to parent.
hasRole(self, parent, roles=None): Check whether the user has the specified roles.
has_role(self, roles): Check whether the user has the specified roles.
allowed & hasRole are one and the same. When called with parent=None, it just returns whether the user has the named roles. has_role also checks for roles, but doesn't automatically include the Anonymous role. So, hasRole(None, 'Anonymous') always returns true, but has_role('Anonymous') returns false for every user that has been authenticated.
Note that AUTHENTICATED_USER is always defined, also for anonymous access.
Here is a little example of what you could do with these functions:
<!--#comment-->Display user info<!--#/comment-->
You are the user named <!--#var expr="AUTHENTICATED_USER.getUserName()"-->.<P>

<!--#if "AUTHENTICATED_USER.getRoles()"-->
  You have the following roles:
  <!--#in "AUTHENTICATED_USER.getRoles()"-->
    <LI><!--#var sequence-item-->
  <!--#/in-->
<!--#else-->
  You have no roles defined.
<!--#/if-->
<P>

<!--#if "AUTHENTICATED_USER.getDomains()"-->
  You are allowed to log in from the following domains:
  <!--#in "AUTHENTICATED_USER.getDomains()"-->
    <LI><!--#var sequence-item-->
  <!--#/in-->
<!--#else-->
  You can log in from any domain.
<!--#/if-->
<P>

<!--#if "AUTHENTICATED_USER.has_role(['Manager'])"-->
  You have the 'Manager' role.<BR>
<!--#/if-->

<!--#if "AUTHENTICATED_USER.has_role(['Anonymous'])"-->
  You have the 'Anonymous' role. You are therefore an anonymous user.<BR>
<!--#/if-->

<!--#if "AUTHENTICATED_USER.has_role(['nonexistent'])"-->
  You have the 'nonexistent' role.<BR>
<!--#/if-->
<!--#var standard_html_footer-->
The last call to has_role is to show that the user defined in the 'access' file in the root folder of your Zope installation has ALL roles, including non-existent ones. And even more interesting, the call to getRoles() will get you 'manage', a misspelled version of the 'Manager' role. This is probably the only way to reliably recognize the superuser.
--
M.J. Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| Tel: +31-35-6254545 Fax: +31-35-6254555
| mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149

_______________________________________________
Zope maillist - Zope@zope.org
http://www.zope.org/mailman/listinfo/zope