It's better to do:

    <dtml-if "_.SecurityGetUser().has_role('Manager')">

REQUEST.AUTHENTICATED_USER can be less secure.

I don't understand the other bit of your problem I'm afraid. Have you tried with another browser?

I've found that cookie based authentication (I use CookieCrumbler) is far nicer for the user, especially for things such as logging out. Something to consider.

A

On 12/12/02 2:34 pm, "complaw@hal-pc.org" <complaw@hal-pc.org> wrote:
I'm stumped.
I have a block of dtml code in my standard_html_header file that is supposed to tailor the menu line depending upon the user's role (once authenticated). For example, the standard_html_header file contains something like:
    <dtml-if "AUTHENTICATED_USER.has_role('Manager')">
      ... make a (more extensive) menu line
    <dtml-else>
      ... make a menu line for non-authenticated users
    </dtml-if>
I have a login menu item for the non-authenticated users, giving them an opportunity to authenticate. The authentication scheme calls a DTML Method (named "logger") that has security settings such that the challenge/response routine is initiated. Once the user is able to run logger, it takes them back to the index_html file (with the standard_html_header file mentioned above). When coming from the logger object, the menu is constructed correctly (according to the user's role). However, when coming back to index_html from somewhere else (say another folder), it goes back to the non-authenticated menu as if I never logged in (i.e., the code of the AUTHENTICATED_USER has somehow changed or is being ignored). Note, when I click on the login menu button (calling the logger object), I immediately get the correct menu (without the challenge/response).
Is there something to remedy this problem?
TIA,
Ron