Authentication from within External Methods
Hello, How can I authenticate a user (i.e. get his name and roles) from within an external (Python) method? Thanks for help, Marc
----- Original Message ----- From: "Marc O. Sandlus" <marc@sandlus.de> To: <zope@zope.org> Sent: Monday, February 11, 2002 6:49 PM Subject: [Zope] Authentication from within External Methods
Hello,
How can I authenticate a user (i.e. get his name and roles) from within an external (Python) method?
These options exist, afaik: * Using exUserFolder you can write an "authentication source" that will let you do this within the exUserFolder framwork. There are several more user-folder replacements, LoginManager is another, for instance. * Write your own usermanagement parallel to zope's and mimicking the API you can do this both with external methods and Python- Scripts. You won't be able to use these users to in the zope management interface, though. I have done both and they work well, and it depends on what you really need. I suggest you take a look at exUserFolder, since reading it's source will help you understand the auth mechanism in zope quite well. Hope this helps. /dario
On Mon, 2002-02-11 at 19:00, Dario Lopez-Kästen wrote: Hello Dario, thanks for your quick reply.
These options exist, afaik:
* Using exUserFolder you can write an "authentication source" that will let you do this within the exUserFolder framwork.
There are several more user-folder replacements, LoginManager is another, for instance.
* Write your own usermanagement parallel to zope's and mimicking the API you can do this both with external methods and Python- Scripts. You won't be able to use these users to in the zope management interface, though.
I don't really want to reinvent the wheel and implement my own usermanagement (because then I prefer php which is not so awkwardly documented...) I want to use Zope's (the CMF's, that is) user management, so I thought there must be a way to make sure that only an authenticated user (with a given role) calls an External Method. Since I couldn't find any Permission Settings for External Methods which could disallow specific users calling them, I wonder about Zope security. Would appreciate any help... Regards, Marc
Hello again, FYI after one day of investigation I found out that Zope calls External Methods with two implicit parameters, "self" and "REQUEST". From them I could figure out, who the authenticated user is and which roles he has. Well, if that wasn't obvious... I am really frustrated now, and would like to stop working with Zope, because it's too time-consuming to find out how to do the simplest things. During this lost time I could implement a solution without Zope. (And yes, at least one will reply: So why don't you do it then? I will, my next project will be zopefree) Regards, Marc
Marc, I was about to launch in to a diatribe about "reading documentation" in this message. But before I did so I actually read the bit about external methods in the Zope Book. You're right. This part of ZC's primary documentation vehicle (the Zope Book) is in a terrible state. That said, you sound pretty stressed out and maybe that contributes to the shrillness of your message. Zope isn't for everyone. It doesn't seem to be for you. It sounds like you'd be better off with something from Microsoft. - C ----- Original Message ----- From: "Marc O. Sandlus" <marc@sandlus.de> To: <zope@zope.org> Sent: Monday, February 11, 2002 5:43 PM Subject: Re: [Zope] Authentication from within External Methods
Hello again,
FYI
after one day of investigation I found out that Zope calls External Methods with two implicit parameters, "self" and "REQUEST". From them I could figure out, who the authenticated user is and which roles he has.
Well, if that wasn't obvious...
I am really frustrated now, and would like to stop working with Zope, because it's too time-consuming to find out how to do the simplest things. During this lost time I could implement a solution without Zope. (And yes, at least one will reply: So why don't you do it then? I will, my next project will be zopefree)
Regards, Marc
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Hello,
That said, you sound pretty stressed out and maybe that contributes to the shrillness of your message. Zope isn't for everyone. It doesn't seem to be
Today, it's sunny again and I am just happy to have solved my problem. It's just that I lost one day for nothing.
for you. It sounds like you'd be better off with something from Microsoft.
That's funny, because I got the impression that Zope is more and more evolving towards a Mircosoft product: everything is hidden behind the webfrontend and the user doesn't know what Zope is doing. Now I know that if you really want to work with Zope, you have to work with its sources. But that's just the opposite of what Zope claims (in The Zope Book), so I am a little bit disappointed here (not because I have to work with the sources, but because Zope is misleading people on that matter) Thanks for your patience with me (I expected a harsher reaction from you ;-) Marc
Marc O. Sandlus writes:
How can I authenticate a user (i.e. get his name and roles) from within an external (Python) method? I read the mailing list in digest mode. This means, I already know your grievances with Zope expressed in later messages. And this allows me to make a sarcastic note:
The Zope documentation for External Methods seems to be comparable in clarity with that of your question. After this bit of sarcasm, I can get helpful again. A later message tells that you want the user/role information to make a permission check. Zope can make simple checks for you automatically. You simple associate the External Method's "View" permission with the roles that should be allowed to call the method. You can also use: from AccessControl import getSecurityManager user= getSecurityManager().getUser() and then use "user.getUserName()" and "user.has_role" to get the user name and role information. A later message tells that you found out that "self" and "REQUEST" is passed into an External Method. In fact, any argument in the External Method's argument list is passed in provided it is available in the request context. You may read the "Web Publishing" section of <http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html> to find out more. Finally, the section "Site building objects" in the above reference tells a bit about the calling magic of External Methods. Just to avoid you another day of frustration... Dieter
participants (4)
-
Chris McDonough -
Dario Lopez-Kästen -
Dieter Maurer -
Marc O. Sandlus