"Clemens" == Clemens Klein-Robbenhaar <robbenhaar@espresto.com> writes:
Clemens> John Hunter writes: [...] >> What happens instead is that the anonymous user gets asked for >> a password when visiting the site home index_html, which >> includes the standard_html_header. It appears that zope is >> trying to access the contents of login_py in the call to >> >> <dtml-if "_.SecurityCheckPermission('View', login_py)"> >> >> rather than simply check the permission, which surprises me. Clemens> Well, the anonymous visitor _is_ accessing "login_py" Clemens> actually. (Zope does not check permissions on function Clemens> call, but on attribute access.) Clemens> Thus Your idea does not work that way. Instead You Clemens> could check directly, if the user is anonymous, by Clemens> inspecting "_.SecurityGetUser().getUserName=='Anonymous Clemens> User'" or the like (sorry, if forgot the proper Clemens> incantation ...) Thanks -- you just forgot the () on getUserName. But I am still encountering some strangeness. I am now doing <dtml-if "_.SecurityGetUser().getUserName()=='Anonymous User'"> in standard_html_header and using the login_py with view set to manage permissions as before. I also calling <dtml-var "_.SecurityGetUser().getUserName()"> just for debug purposes. When I visit the main page from a newly loaded browser, it loads with a Members Login button as expected and user name reported as 'Anonymous User'. When I click on the submit button, I get the password box as expected, and enter in a user/passwd with manager permissions. Then I get redirected back to the referer as expected, but the user name is still reported by the dtml-var call as 'Anonymous User'. Refresh doesn't help. Now things get funny. If I then goto the manage screen with http://nitace.bsd.uchicago.edu:8080/template/manage I can access it because the authentication for 'user' was stored by the browser. If from the manage interface I click 'View', the user is now reported as 'user' and I get the user menu instead of the login button. If I then try to access the page directly again with http://nitace.bsd.uchicago.edu:8080/template I am back to being an anonymous user. Please feel free to take a look. The user is 'user' and the password is 'user1234'. Thanks, John Hunter