How do I force authentication?
Hello! I am building a few Zope websites. These sites live as subfolders of my root zope install, in which I place common code. Those websites will be administered by non-technical people, so one of my main coding efforts is building alternate, easy-to-use admin screens. I have one snag now. I want a login page which has Zope authenticate visitors. I don't want to take them to the real admin screens, I just want to have Zope authenticate them. I initially did this by writing a simple DTML method, login.html, which is not viewable by anyone with a role other than anonymous. That worked fine for a while. That approach fails, however, when the user if defined in an acl_users folder which is lower in the object hierarchy than the login.html method. And that is the case for all my sub-site admins. I have gone around this so far by copying login.html to all subsites... But I am sure there is a better solution. Can anyone point me in the right direction? Thanks for listening. Cheers, Jérôme Loisel -- Jérôme Loisel Lévinux: GNU/Linux dans les communautés à Lévis
There are a whole host products that have done this before on Zope.org: http://www.zope.org/Products/user_management try using one of those... -- Andy McKay. ----- Original Message ----- From: "Jérôme Loisel" <jerome@levinux.org> To: <zope@zope.org> Sent: Thursday, March 22, 2001 3:49 PM Subject: [Zope] How do I force authentication?
Hello!
I am building a few Zope websites. These sites live as subfolders of my
root
zope install, in which I place common code. Those websites will be administered by non-technical people, so one of my main coding efforts is building alternate, easy-to-use admin screens.
I have one snag now. I want a login page which has Zope authenticate visitors. I don't want to take them to the real admin screens, I just want to have Zope authenticate them. I initially did this by writing a simple DTML method, login.html, which is not viewable by anyone with a role other than anonymous. That worked fine for a while.
That approach fails, however, when the user if defined in an acl_users folder which is lower in the object hierarchy than the login.html method. And that is the case for all my sub-site admins.
I have gone around this so far by copying login.html to all subsites... But I am sure there is a better solution. Can anyone point me in the right direction? Thanks for listening.
Cheers,
Jérôme Loisel
-- Jérôme Loisel Lévinux: GNU/Linux dans les communautés à Lévis
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Hi Jerome, Jérôme Loisel wrote:
Hello!
I am building a few Zope websites. These sites live as subfolders of my root zope install, in which I place common code. Those websites will be administered by non-technical people, so one of my main coding efforts is building alternate, easy-to-use admin screens.
Ok, the standard screen might be a bit ugly but you can simplify it easy: just define only the permissions you want to give a user + the right to view the management screens. (do this with globally roles for simplicity) This way you would teach your users to use url/manage and login. They would automatically see only your defined interface parts. To archive this, you only have to subclass the zclasses you use in your site and add custom methods to them. Tie these methods to special rights.
I have one snag now. I want a login page which has Zope authenticate visitors. I don't want to take them to the real admin screens, I just want to have Zope authenticate them. I initially did this by writing a simple DTML method, login.html, which is not viewable by anyone with a role other than anonymous. That worked fine for a while.
I'm asking me why you are actually calling it login_.html_? What is this extraneous supposed to do? Its not neccesary for zope and looks ugly anyway ;)
That approach fails, however, when the user if defined in an acl_users folder which is lower in the object hierarchy than the login.html method. And that is the case for all my sub-site admins.
Zope's acquisition allows to place the login - method in the root and use it wherever you go in the site tree. You dont need to copy. HTH Tino
Hello ! I've encountered similar problem a couple of weeks ago - I'm also building a site to be administered by non-technical people so far :-) So, the problem of your approach is that a user defined in lower acl_users folders CAN NOT access objects, located in top-level folders (if they are not viewable by Anonymous users). If you try to reach them Zope tries to authenticate you automatically. My solution is as follows: I created product in which I put all my administrative ZClasses & methods. Now, when I create new subfolder with new local admins defined in local acl_users I simply put an instance of my administrative class in that folder. It works pretty well for the time being. Of course, all permissions/roles/etc should be set in right way. Hope that will be useful advice for you :-) Anton. ----- Original Message ----- From: "Jérôme Loisel" <jerome@levinux.org> To: <zope@zope.org> Sent: Friday, March 23, 2001 1:49 AM Subject: [Zope] How do I force authentication?
Hello!
I am building a few Zope websites. These sites live as subfolders of my
root
zope install, in which I place common code. Those websites will be administered by non-technical people, so one of my main coding efforts is building alternate, easy-to-use admin screens.
I have one snag now. I want a login page which has Zope authenticate visitors. I don't want to take them to the real admin screens, I just want to have Zope authenticate them. I initially did this by writing a simple DTML method, login.html, which is not viewable by anyone with a role other than anonymous. That worked fine for a while.
That approach fails, however, when the user if defined in an acl_users folder which is lower in the object hierarchy than the login.html method. And that is the case for all my sub-site admins.
I have gone around this so far by copying login.html to all subsites... But I am sure there is a better solution. Can anyone point me in the right direction? Thanks for listening.
Cheers,
Jérôme Loisel
-- Jérôme Loisel Lévinux: GNU/Linux dans les communautés à Lévis
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (4)
-
Andy McKay -
Anton A. Zotov -
Jérôme Loisel -
Tino Wildenhain