Re: [Zope] Displaying something based on role doesn't work properly
Alexander Limi writes:
I'm running LoginManager with cookie-based authentication on my site, and I use the following piece of dtml to show a particular menu in the header of a page if a user has a particular role:
<dtml-if "AUTHENTICATED_USER.has_role(['SomeRole'])"> [menu] </dtml-if>
It works fine, except for one document: standard_html_header. When I try to access a page on my site that doesn't exist, the menu is not shown in the header anymore. This is not the way I want it. What has the nont existing page to do with the "standard_html_header"?
From what you describe, I would expect that your authentication cookie is no longer sent or LoginManager no longer recognizes it.
Dieter
<dtml-if "AUTHENTICATED_USER.has_role(['SomeRole'])"> [menu] </dtml-if>
It works fine, except for one document: standard_html_header. When I try to access a page on my site that doesn't exist, the menu is not shown in the header anymore. This is not the way I want it. What has the nont existing page to do with the "standard_html_header"?
From what you describe, I would expect that your authentication cookie is no longer sent or LoginManager no longer recognizes it.
Sorry, my fault - it was late when I wrote the original post - I meant to say: "It works fine, except for one document: standard_error_message". All documents work fine, except when I get an error message - then the extra menu disappears, like the user is no longer authenticated, although when I follow a link further into the site, I suddenly get the menu back. Alexander.
Alexander Limi writes:
All documents work fine, except when I get an error message - then the extra menu disappears, like the user is no longer authenticated, although when I follow a link further into the site, I suddenly get the menu back.
You know that cookies can be restricted to be send to just part of the site?
Put a DTML method "showRequest" with the content
<dtml-var standard_html_head> <dtml-var REQUEST> <dtml-var standard_html_footer>
into your root folder (such that it is acquired everywhere). Test with "<url>/showRequest" whether the cookie is sent to "<url>".
As I pointed out, it works fine except for standard_error_message. It seems like AUTHENTICATED_USER.has_role(['Member','Artist','Manager']) won't work on standard_error_messages. If I do a <dtml-var "AUTHENTICATED_USER.has_role(['Member','Artist','Manager'])"> in the header, it prints "1" on all the documents, except for standard_error_message, where "0" is printed. The cookie appears in normal documents, so I presume there is some kind of error in my standard_html_header. It looks like this: (Norwegian text, but that's not the important part anyway :) <dtml-var standard_html_header> <h2>Ooops.</h2> <p> Dette er en feilmelding. Av den snille og litt myke typen. </p> <dtml-if "error_type=='NotFound'"> <p>Dokumentet du forsøkte å finne eksisterer ikke. Kanskje du har stavet noe feil?</p> <dtml-comment><p>Prøv gjerne vår søkemotor for å finne det du leter etter.</p></dtml-comment> <dtml-else> <dtml-var table_start> <tr><th colspan=2>Feilmeldings-dippedutten vår sier</th></tr> <tr><td><strong>Error Type</strong></td> <td><dtml-var error_type missing=" "></td> </tr> <tr class="even"><td><strong>Error Message</strong></td> <td><dtml-var error_message missing=" "></td> </tr> <tr><td><strong>Error Value</strong></td> <td><dtml-var error_value missing=" "></td> </tr> </table> <p> Hvis denne kom opp når du gjorde noe viktig, og det som står over ikke forteller deg noe om hva som er galt, send oss gjerne en mail (<a href="&dtml-our_email;">&dtml-our_email;</a>) med en beskrivelse av hva du forsøkte å gjøre når denne feilen oppstod. Vi skal forsøke å hjelpe deg så fort som mulig. </p> <p> Hvis du vil være <strong>ekstra</strong> snill, kan du lagre denne siden som en HTML-fil ("Fil -> Lagre som" i menyen), og legge den med som et vedlegg. Da blir det enklere for oss å finne feilen. Vi har nemlig gjemt hemmelige besvergelser i denne siden som gjør oss i stand til å finne ut hva som gikk galt. </p> <!-- Her er errormessage, samt traceback. For de av dere som lurer, er det denne vi bruker for å finne feilen som oppstod. _________________________________extras_________________________________ ________ Error Type: <dtml-var error_type> <dtml-if "error_type in ('KeyError','NameError')"> This resource may be trying to reference a nonexistent object or variable <dtml-var error_value>. </dtml-if> _____________________________REQUEST-objektet___________________________ _______ <dtml-var REQUEST> ________________________________end_extras______________________________ ________ --> </dtml-if> <dtml-var standard_html_footer>
Alexander Limi writes:
.... AUTHENTICATED_USER.has_role(['Member','Artist','Manager']) works fine except for standard_error_message.
"standard_error_message" is probably not designed to be viewed directly. On the other hand, if it is called for a "Resource Not Found", then Zope has not yet made the authentication. This happens only after URL traversal succeeded. Dieter
Alexander Limi writes:
.... AUTHENTICATED_USER.has_role(['Member','Artist','Manager']) works fine except for standard_error_message.
"standard_error_message" is probably not designed to be viewed directly.
I'm not viewing it directly either. I'm accessing an URL that doesn't exist.
On the other hand, if it is called for a "Resource Not Found", then Zope has not yet made the authentication. This happens only after URL traversal succeeded.
So how can I get it working then? It works perfectly on Zope.org (My "logged in" menus do not disappear just because I try to get a document that isn't there). Alexander.
Alexander Limi writes:
Alexander Limi writes:
.... AUTHENTICATED_USER.has_role(['Member','Artist','Manager']) works fine except for standard_error_message.
"standard_error_message" is probably not designed to be viewed directly.
I'm not viewing it directly either. I'm accessing an URL that doesn't exist.
On the other hand, if it is called for a "Resource Not Found", then Zope has not yet made the authentication. This happens only after URL traversal succeeded.
So how can I get it working then? It works perfectly on Zope.org (My "logged in" menus do not disappear just because I try to get a document that isn't there). You will not get it for the "Resource not found" as Zope did not yet perform authentication.
However, afterwards, when you access a different page, it should come up again. Only, if you access a page you do not authorized to access, your browser may decide no longer to send the (failed) authentication information to the server. Dieter
[Dieter Maurer]
You will not get it for the "Resource not found" as Zope did not yet perform authentication.
However, afterwards, when you access a different page, it should come up again.
Only, if you access a page you do not authorized to access, your browser may decide no longer to send the (failed) authentication information to the server.
So, how come this works on Zope.org? Black (blue? :) magic? Alexander.
participants (2)
-
Alexander Limi -
Dieter Maurer