RE: [Zope] Embedding authentication in a Zope Website
Chris,
Thanks for the speedy reply. I appreciate it.
The questions I have now are how do you:
1) give users the opportunity to log in... Where do you actually do authentication? Is there a URL they must point to? Should I be calling any Python functions, or perhaps writing my own DTML methods to acquire their credentials?
You protect an object using permissions and roles. Once they hit an object that requires authentication, they'll be prompted to log in. For example, you might want to create a role named 'Bleah' and assign a bunch of users to that role. Then protect a folder 'Foo' by assigning the 'View' permission to the 'Bleah' role. When users navigate to 'Foo', they'll be prompted for a login. If they have the 'Bleah' role, and they enter the proper username/password combo, they'll be permitted access. If they don't have the 'Bleah' role, or if they do not enter a proper username/password combo, they'll be denied access. You may also want to check out the new Zope 2.2 release that has context-sensitive help for most of this stuff via the 'Help' button on the page.
2) how can you separate your userlists for your web sites from your user list for Zope administration, especially considering you will probably want users to be able to access multiple trees equally?
You don't; a user with management privileges (e.g. the "Manager" role) is just another user. It's just that he/she has management privileges while others may not.
Any advice appreciated. In the meantime, I am looking through as many FAQs and HowTos as I can find at the main site.
The help system is good here too.
Knight,
The primary way of obtaining the credentials of the currently logged in user is through the AUTHENTICATED_USER attribute of the REQUEST object, ala:
    <dtml-unless "REQUEST.AUTHENTICATED_USER.getUserName() == 'Anonymous User'">
      Important stuff
    </dtml-unless>
    Unimportant stuff.
You probably don't want to hardcode too much of this stuff into DTML, this is what permissions assigned to objects and roles assigned to users are for. Read the content manager's guide for more information on permissions and roles.
The subject is a big one. I've never used MySQLuserfolder, so I can't give you much info on that in particular. I assume it operates much like the "basic" user folder that comes 'preinstalled' in the Zope root folder, in which case you'll need to read up on AUTHENTICATED_USER. Searching the Zope.org site for "AUTHENTICATED" should turn up a bunch of hits (although AUTHENTICATED_USER will probably not because of limitations in our cataloging engine). The How-tos that you'll find through this search are probably good for this sort of thing as well.
knight wrote:
Greetings,
Please bear with me, I'm still slightly new to Zope, but I'm pretty up on the structure, miscellaneous administration, etc. I'm also beginning to do well with Python development.
I wanted to start adding authentication to my site via HTML forms, and I saw mysqlUserFolder. There aren't any real docs that come with it. More or less, a README that explains the feature set of the Product is all that it has.
Installing mysqlUserFolder wasn't the problem. The problem is now dynamically outputting content based upon login information. How do I manipulate who is logged in? How do I check to see if a user is logged in, etc? Do I need to read some plain zope authentication docs? If so, please point me in the right direction.
What do I embed in my DTML in order to check for authentication?
I really appreciate the help... The Zope documentation is still a little out of order, and slightly confusing to navigate.
Knight
Participants (1): Chris McDonough
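Added example, not part of the original thread and not Zope's own code: a simplified Python model of the role/permission check discussed in the reply (role 'Bleah' guarding folder 'Foo' through the 'View' permission). Folder, User, check() and the sample users are hypothetical names, and the acquisition flag is a simplified stand-in for the per-permission "acquire" setting.

```python
# Simplified model of the role/permission decision; assumption-based, not Zope code.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None
    # permission -> (roles granted here, also acquire roles from the parent?)
    settings: dict = field(default_factory=dict)

    def roles_for(self, permission):
        """Roles holding `permission` on this object, following acquisition upward."""
        roles, acquire = self.settings.get(permission, (set(), True))
        if acquire and self.parent is not None:
            return set(roles) | self.parent.roles_for(permission)
        return set(roles)

@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset

ANONYMOUS = User("Anonymous User", frozenset({"Anonymous"}))

def check(user, obj, permission="View"):
    """Return 'allow', 'challenge' (prompt for a login) or 'deny'."""
    required = obj.roles_for(permission)
    # A permission granted to 'Anonymous' is open to everyone.
    if "Anonymous" in required or user.roles & required:
        return "allow"
    # No credentials yet: ask for them. Valid login without the role: refuse.
    return "challenge" if user is ANONYMOUS else "deny"

# Constructed sample site: a public root, a protected 'Foo', and a misconfigured twin.
root = Folder("root", settings={"View": ({"Anonymous", "Manager"}, False)})
public = Folder("Public", parent=root)  # no local settings: acquires from root
foo = Folder("Foo", parent=root, settings={"View": ({"Bleah", "Manager"}, False)})
# Same role list but acquisition left on: 'Anonymous' leaks in from the root.
leaky = Folder("FooLeaky", parent=root, settings={"View": ({"Bleah"}, True)})

alice = User("alice", frozenset({"Bleah"}))
bob = User("bob", frozenset({"Member"}))       # logged in, lacks 'Bleah'
admin = User("admin", frozenset({"Manager"}))  # just another user with another role

if __name__ == "__main__":
    for u in (ANONYMOUS, alice, bob, admin):
        print(u.name, [check(u, f) for f in (public, foo, leaky)])
```

The 'leaky' folder shows the setting to verify after protecting an object: if the permission is still acquired from a parent that grants it to 'Anonymous', the role list on the folder has no effect.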