"Christopher G. Petrilli" wrote:
On Tue, Dec 08, 1998 at 06:53:53PM +0000, Jim Fulton wrote:
OK, this SHOULD be easy :-)
It is.
I know that the security realm used for BasicAuthentication is set using __bobo_realm__ (and BTW, still is) and defaults to the module name (Main) if nothing is set.
So, I figured, easy, I'll just add a property to the folder with that name and away we go... nope, I get an error that properties starting with '_' are verbotten... so, just how does one do this? You know what would be neat, is if there were something on the Security page to set this, just a simple box to fill in! :-)
ZPublisher also checks for an environment variable, BOBO_REALM. (In the next release, it will check for Z_REALM first :) and uses it if there is not module-level realm setting.
Ah, what I'm interested in is doing it INSIDE the GUI, on a folder level, not on a "Module" level, or a global level. For example, if I access a folder with it's own Userfolder, and authorize on that, then want to go to the MAIN /manage screen, I have to reauthorize, which is fine, since they both use "Main" as the realm. BUT when I go BACK to the sub folder (above), I'm still running as the "superuser" or whatever.
And that's not what you want? :) In general, we prefer that people who are authorized above should be authorized below. Do you *really* want subfolders to have different realms, do you just want to be able to able to "log out"? If the later, we find it convenient to have a "logout" document sitting around: <!--#raise Unauthorized--> You have logged out<p> <!--#/raise--> if you really want subfolders to have their own realms, it probably wouldn't be too hard to provide a user folder property for the realm and have the user folder set the necessary response header when an authorization fails. Jim -- Jim Fulton mailto:jim@digicool.com Technical Director (540) 371-6909 Python Powered! Digital Creations http://www.digicool.com http://www.python.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.