From: Guy Davis [mailto:davis@arc.ab.ca]
Martijn Pieters wrote:
Yes. You can make a new Role, let's call it DomainUser. You give this Role all privileges that the Anonymous Role has, and you revoke all rights from the Anonymous Role.
Now you create a new user, and call this AnonymousDomainUser. This user you give _no_ password, just leave the password fields blank. You do specify the domains however; it is a space separated list of domain specs, where each domain spec can be either a domain name, or an IP address, where wildcards can be used anywhere between the dots. For example: *.zope.org *.digicool.com 192.8.*.* is a valid domain spec. And you also give the user the DomainUser Role.
Now, as soon as a visitor comes to your site from a domain that matches the domain spec, Zope will, without asking for a password, match him against the AnonymousDomainUser User, give him the DomainUser Role, and grant that visitor access.
Anyone from any other domain will be prompted for a username and password.
Thanks for this response. I saved it for a while but recently got around to following your suggestions. I set this up so that AnonymousDomainUser is available at the top level folder. Then in /Projects/TestProject, I have a whole set of other users as there is no anonymous access to TestProject. When someone from the right domain brings up the root folder, they match to AnonymousDomainUser but when they try to bring up TestProject, their username and password are consistently rejected.
If I then go back to the security panel of the root folder and give the Anonymous role just the capability to view, they can then log in properly and access TestProject, but then I have lost the domain filtering on anonymous viewers.
Is there some way to have both anonymous domain-restricted access and also certain directories with only authorized-user access? Thanks.
You should be able to.. Hmmm. Where is the Role that has access to TestProject defined? And do the users that should have access to the TestProject Folder have that Role? Try defining the Role on the Root object, if it is not defined there. If this helps, there might be a bug here somewhere, although I am not that versed in the security system yet to be sure.

--
Martijn Pieters, Software Engineer
| Digital Creations http://www.digicool.com
| Creators of Zope http://www.zope.org
| mailto:mj@digicool.com ICQ: 4532236
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
-------------------------------------------
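
The domain-spec matching described in the thread, as an added Python example that is not part of the original messages and is not Zope's own code. The function names are hypothetical, the visitors are constructed, and two behaviours are assumptions: `*` stands for exactly one dot-separated field, and host names are compared from the right while IP addresses are compared field by field.

```python
import re

# Assumption: a spec made of four fields of digits or "*" is an IP spec;
# anything else is treated as a host-name spec.
IP_SPEC = re.compile(r"^(\d{1,3}|\*)(\.(\d{1,3}|\*)){3}$")

def spec_matches(spec, host="", addr=""):
    """True if one domain spec matches the visitor's host name or IP address."""
    want = spec.lower().split(".")
    if IP_SPEC.match(spec):
        have = addr.split(".")
        if len(have) != len(want):
            return False
    else:
        have = host.lower().rstrip(".").split(".")
        if len(have) < len(want):
            return False
        have = have[-len(want):]   # compare the rightmost labels only
    # "*" stands for exactly one dot-separated field (assumption).
    return all(w == "*" or w == h for w, h in zip(want, have))

def classify_visitor(domains, host="", addr=""):
    """Model of the outcome in the thread: a matching visitor is treated as
    AnonymousDomainUser with the DomainUser Role, anyone else is prompted."""
    if any(spec_matches(s, host, addr) for s in domains.split()):
        return ("AnonymousDomainUser", "DomainUser")
    return ("prompt for username and password", None)

DOMAINS = "*.zope.org *.digicool.com 192.8.*.*"   # the spec quoted in the thread

# Constructed visitors (host name, IP address); not taken from the thread.
VISITORS = [
    ("www.zope.org", "203.0.113.5"),
    ("", "192.8.14.2"),
    ("zope.org.example.net", "198.51.100.7"),
    ("", "192.80.1.1"),
]

if __name__ == "__main__":
    for host, addr in VISITORS:
        print(host or "-", addr, "->", classify_visitor(DOMAINS, host, addr)[0])
```

A host-name spec is only as trustworthy as the reverse lookup that produced the visitor's host name, while an IP spec does not depend on one.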