Re: [Zope] Access Permission by Domain and without Login?

21 Jun 2004

      With all this talk about the zope list accepting any email I've been
trying to figure out why my message is still not delivered.  I've pasted
in my reply below and am sending this to see if it will go through on an
unsubscribed email account.

    **********************************************
    **      THIS IS A WARNING MESSAGE ONLY      **
    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
    **********************************************

The original message was received at Tue, 15 Jun 2004 12:06:48 -0400
from localhost.localdomain [127.0.0.1]

   ----- Transcript of session follows -----
<zope@zope.org>... Deferred: Connection timed out with mail.python.org.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

================================================================================

Date: Tue, 15 Jun 2004 12:06:48 -0400 (EDT)
From: Thomas Bennett <bennettt@pm.appstate.edu>
Subject: Re: [Zope] Access Permission by Domain and without Login?
To: zope@zope.org
Reply-To: <zope@zope.org>

I've done something similar to give local users a url and off campus
users a url that
authenticates the user through the proxy server.  At the top of the page
I call a python script that
receives the REMOTE_ADDR and splits it on the dots and then checks the
first two octets of the IP
address.  If both match then a flag is set to true otherwise it is
false.  I think I recall getting
a script from the Zope Cookbook and used only the part I needed.  No
security was needed for this
page because access to the target urls did the authentication.

Thomas

In the HTML page:

<dtml-call "REQUEST.set('hostname',ip_add_flag(REMOTE_ADDR))">

     <dtml-if hostname>
       <br><A href="http://<dtml-var vdb_local_url>"><dtml-var
vdb_title></a>
     <dtml-else>
       <br><A href="http://<dtml-var vdb_proxy_url>"><dtml-var
vdb_title></a>
     </dtml-if>

In the Python Script:

import string

my_split=string.split(ipnum,'.')

#check for 123
if my_split[0]=='123':
  match1=1
else:
  match1=0

#check for 12
if my_split[1]=='12':
  match2=1
else:
  match2=0

if match1 and match2:
  return 1
else:
  return 0

On Fri, 11 Jun 2004 15:08:34 -0400 "Passin, Tom" <tpassin@mitretek.org>
wrote:
...
For a Zope 2.7/Plone 2 site, I would like to restrict (otherwise)
anonymous access to certain specific pages or methods to people making
the request from specific domains.  I know that I can specify a domain
for a particular user, but I want this to apply to anyone, without any
special per-user configuration, and without requiring a login.
Also I want to do this without putting Zope behind Apache or any other
proxy, if this is possible.
I don't recall seeing this discussed.  Does anyone have suggestions as
to how to accomplish this?
Cheers,
Tom P