The login page doesn't have to be viewable. The fact that it isn't viewable triggers the login dialog. Thereby logging the user in. This used to work, sometime back, I've noticed a few things like this recently but since at the time I was using the LoginManager for auth, I thought it was me doing something wrong. Now I'm not so sure. In fact I'm not sure of much at the moment, I'm losing my Zen slowly but surely. Probably a bit of Mad-CowDisease since I'm in UK 8^(. The question remains, should you be able to get the absolute_url of an object if the object itself isn't viewable? TIA Phil ----- Original Message ----- From: <ghaley@mail.venaca.com> To: "Phil Harris" <phil.harris@zope.co.uk> Cc: <zope@zope.org> Sent: Wednesday, April 18, 2001 4:15 PM Subject: Re: [Zope] Weird permissions problem.
thinking about the logic of the steps here:
a user comes to your url, and must log in, but if log in will not view until the user is authenticated, then the user never has an opportunity to log in and become authenticated.
it seems to me that the login page has to be viewable by anonymous in order to allow anonymous_user to become authenticated_user. everything after the log in would need to have anonymous viewing turned off.
or am i missing something here?
ciao! greg.
Gregory Haley DBA/Web Programmer Venaca, LLC.
Now maybe I'm wrong but shouldn't you be able to get the url of a page
even
if you turn off view permissions?
Someone please help, I'm getting slightly confused here.