Hello, I need to verify and set some REQUEST variables for each and every request to my application. I thought that SiteAccess maybe does the job. It works as I expected, only now I want to check some user rights and all I ever get is the user "Anonymous User" which is not what I expected. (The application shows the real name.) E.g. SiteAccessRule <dtml-call "REQUEST.set('sa_user', _.SecurityGetUser().getUseName())"> and my index_html <dtml-var sa_user><br><dtml-var "_.SecurityGetUser().getUseName()"> output will be Anonymous User fakeid If I can't access the real user in a SiteAccess rule. How can evaluate a DTML Method every time a request is made to my app? Thanks Ulrich
Ulrich Wisser writes:
I need to verify and set some REQUEST variables for each and every request to my application. I thought that SiteAccess maybe does the job. It works as I expected, only now I want to check some user rights and all I ever get is the user "Anonymous User" which is not what I expected. (The application shows the real name.) There is a thread about this in the mailing list archives, I think the one of "zope-cmf".
The problem is explained but there is no solution. Dieter
On Tue, Nov 12, 2002 at 08:16:24PM +0100, Dieter Maurer wrote:
Ulrich Wisser writes:
I need to verify and set some REQUEST variables for each and every request to my application. I thought that SiteAccess maybe does the job. It works as I expected, only now I want to check some user rights and all I ever get is the user "Anonymous User" which is not what I expected. (The application shows the real name.) There is a thread about this in the mailing list archives, I think the one of "zope-cmf".
The problem is explained but there is no solution.
that's right. the thread in question: http://zope.nipltd.com/public/lists/ptk-archive.nsf/46f09f5796214c13802568c1... the problem is that SiteAccess and AccessRule are invoked before just about anything else happens: before authentication, and before the REQUEST object is created from the http request. AFAIK there is currently no other global hook to calling something on every page. There is the obvious workaround: put your verify-and-set code in something that's always called: index_html or standard_template.pt or some such. But then you lose it when you override those in subfolders. -- Paul Winkler http://www.slinkp.com "Welcome to Muppet Labs, where the future is made - today!"
Paul Winkler writes:
that's right. the thread in question: http://zope.nipltd.com/public/lists/ptk-archive.nsf/46f09f5796214c13802568c1...
the problem is that SiteAccess and AccessRule are invoked before just about anything else happens: before authentication, and before the REQUEST object is created from the http request. The last statement is not true:
The REQUEST object is being created but the creation is not yet completed. Dieter
participants (3)
-
Dieter Maurer -
Paul Winkler -
Ulrich Wisser