Hi, It is probably really easy, but how do I restrict access to surfers...like the .htaccess does in apache? I cannot find any documentation on this. terry
Terry Kerr wrote:
It is probably really easy, but how do I restrict access to surfers...like the .htaccess does in apache? I cannot find any documentation on this.
You probably want to look at the 'Zope Content Manager's Guide' available at www.zope.org under documentation. In that, you'll find "managing users and permissions" which will help you out. Make sure you're using Zope 2.0.1 which has more secure local roles.
If you simply want to restrict access to a folder, go to the folder, select 'security', and uncheck 'view' from the anonymous permissions. Now only the manager/owner can view it.
-- ~mindlace
At 3:25 pm +1000 8/10/99, Terry Kerr wrote:
Hi,
It is probably really easy, but how do I restrict access to surfers...like the .htaccess does in apache? I cannot find any documentation on this.
terry
It isn't that easy actually - it's a bit of a fiddle.
1) in the acl_users folder *above* where you want to deny access to, create a user 'AnonUser' with no password and domain = '*.*.*.*'
2) in the acl_users folder where you want access denied to, create a user 'AllowedUser' with no password and domain '*.your.domain'
3) In the standard_html_header in the second folder add some dtml code
<dtml-if "_.str(REQUEST['AUTHENTICATED_USER'])=='AnonUser'">
  <dtml-call "RESPONSE.redirect('denied')">
</dtml-if>
<html> etc etc
and create a DTML method called 'denied' that explains to the person what's going on. *Don't* use standard_html_header in the 'denied' method as you'll get infinite recursion.
This is a bit of a faff - I may well look at Apache rewrite rules to restrict access to a site as a whole.
hth
tone
------
Dr Tony McDonald, FMCC, Networked Learning Environments Project http://nle.ncl.ac.uk/
The Medical School, Newcastle University Tel: +44 191 222 5888
Fingerprint: 3450 876D FA41 B926 D3DD F8C3 F2D0 C3B9 8B38 18A2
Tony McDonald wrote:
At 3:25 pm +1000 8/10/99, Terry Kerr wrote:
Hi,
It is probably really easy, but how do I restrict access to surfers...like the .htaccess does in apache? I cannot find any documentation on this.
terry
It isn't that easy actually - it's a bit of a fiddle.
1) in the acl_users folder *above* where you want to deny access to, create a user 'AnonUser' with no password and domain = '*.*.*.*'
2) in the acl_users folder where you want access denied to, create a user 'AllowedUser' with no password and domain '*.your.domain'
3) In the standard_html_header in the second folder add some dtml code
<dtml-if "_.str(REQUEST['AUTHENTICATED_USER'])=='AnonUser'">
  <dtml-call "RESPONSE.redirect('denied')">
</dtml-if>
<html> etc etc
and create a DTML method called 'denied' that explains to the person what's going on. *Don't* use standard_html_header in the 'denied' method as you'll get infinite recursion.
This is a bit of a faff - I may well look at Apache rewrite rules to restrict access to a site as a whole.
that's pretty damn convoluted, our site, which i feel would be well suited to zope development requires quite a bit of authentication. we are a university department, and currently use an apache ldap module to authenticate. we have sections of the site that need to be limited to the department only, and other sections that need to be limited by other groups.
zope's authentication for management seems good, but there must be an easier way to limit user access.
any pointers?
-d
--
Dyon Balding [titus@dags.cc.monash.edu.au] phone: +61 0414992604
Monash University, Melbourne, Australia.
At 01:56 9-10-99 , Dyon Balding wrote:
It isn't that easy actually - it's a bit of a fiddle.
1) in the acl_users folder *above* where you want to deny access to, create a user 'AnonUser' with no password and domain = '*.*.*.*'
2) in the acl_users folder where you want access denied to, create a user 'AllowedUser' with no password and domain '*.your.domain'
3) In the standard_html_header in the second folder add some dtml code
<dtml-if "_.str(REQUEST['AUTHENTICATED_USER'])=='AnonUser'">
  <dtml-call "RESPONSE.redirect('denied')">
</dtml-if>
<html> etc etc
and create a DTML method called 'denied' that explains to the person what's going on. *Don't* use standard_html_header in the 'denied' method as you'll get infinite recursion.
This is a bit of a faff - I may well look at Apache rewrite rules to restrict access to a site as a whole.
that's pretty damn convoluted, our site, which i feel would be well suited to zope development requires quite a bit of authentication. we are a university department, and currently use an apache ldap module to authenticate. we have sections of the site that need to be limited to the department only, and other sections that need to be limited by other groups.
zope's authentication for management seems good, but there must be an easier way to limit user access.
any pointers?
I think Tony mixed up a tip from me on how to _exclude_ access from a certain domain. Zope's access control is very powerful and very simple, but if you want to exclude one domain from access you have to twist and wriggle a bit. Tony wriggled a bit further in that direction to get 'normal' access control.
Normally, you'd define a new Role (like 'Visitor'), that you give the permissions that the Anonymous role normally has, and revoke all Anonymous permissions. Then you can assign that role to anyone you want to have access. See the Z Content Managers Guide on Zope.org
-- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | T: +31 35 7502100 F: +31 35 7502111 | mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ---------------------------------------------
I think Tony mixed up a tip from me on how to _exclude_ access from a certain domain. Zope's access control is very powerful and very simple, but if you want to exclude one domain from access you have to twist and wriggle a bit. Tony wriggled a bit further in that direction to get 'normal' access control.
Quite right, I mangled a tip that Martijn posted (what seems like) aeons ago. The method I posted is to allow access from certain domains, whilst denying access from others (in my example, everyone not in the ncl.ac.uk domain).
Normally, you'd define a new Role (like 'Visitor'), that you give the permissions that the Anonymous role normally has, and revoke all Anonymous permissions. Then you can assign that role to anyone you want to have access. See the Z Content Managers Guide on Zope.org
This is a very powerful system. It's *extremely* fine-grained and more manageable than .htaccess files (I seem to remember a discussion on the PHP list that implied that the order in which .htaccess files are 'looked up' is not easily discovered. That is, if you have .htaccess files in sub-directories, it's not obvious which one will be acted upon. Zope on the other hand, is considerably better in this regard). In other words, the Zope 'permissions' system is very flexible and can almost certainly do what you want.
hth
tone.
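Added example, not part of any poster's message and not Zope's own code: a minimal Python model of the role approach described in the thread (a 'Visitor' role holds View, Anonymous is revoked), showing how the per-folder acquire setting changes the outcome. The names `Folder`, `allowed` and `demo` are hypothetical and the folder layout is constructed for the illustration.

```python
# Simplified model of Zope-style permission checks (illustration, not Zope source).
class Folder:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        # permission -> (acquire_from_parent, roles granted locally)
        self.settings = {}

    def set_permission(self, permission, roles, acquire):
        self.settings[permission] = (acquire, set(roles))

    def roles_for(self, permission):
        """Roles holding `permission` here, following acquisition upward."""
        acquire, roles = self.settings.get(permission, (True, set()))
        if acquire and self.parent is not None:
            return roles | self.parent.roles_for(permission)
        return set(roles)


def allowed(user_roles, folder, permission="View"):
    granted = folder.roles_for(permission)
    # Anything granted to Anonymous is granted to every visitor.
    return "Anonymous" in granted or bool(set(user_roles) & granted)


def demo():
    root = Folder("root")
    root.set_permission("View", ["Anonymous", "Manager"], acquire=False)
    private = Folder("private", parent=root)
    results = {}
    # No local settings: View is acquired from root, so the folder is public.
    results["default_anon"] = allowed(["Anonymous"], private)
    # Visitor granted locally but acquisition left on: Anonymous still gets in.
    private.set_permission("View", ["Visitor", "Manager"], acquire=True)
    results["acquire_on_anon"] = allowed(["Anonymous"], private)
    # Acquisition off: only the locally listed roles hold View.
    private.set_permission("View", ["Visitor", "Manager"], acquire=False)
    results["locked_anon"] = allowed(["Anonymous"], private)
    results["locked_visitor"] = allowed(["Visitor"], private)
    results["root_anon"] = allowed(["Anonymous"], root)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'allowed' if ok else 'denied'}")
```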
This all seems to make sense now...except I am still having problems. I have the security set for a directory such that no anon permissions are set, and 'view' is not set to acquire permissions....however, anybody can still view the page. Why is this so? I have jumped on another box, and the page loads up without prompting for any authentication! I was expecting it to only authenticate the owner or manager of the directory.
terry
Martijn Pieters wrote:
At 01:56 9-10-99 , Dyon Balding wrote:
It isn't that easy actually - it's a bit of a fiddle.
1) in the acl_users folder *above* where you want to deny access to, create a user 'AnonUser' with no password and domain = '*.*.*.*'
2) in the acl_users folder where you want access denied to, create a user 'AllowedUser' with no password and domain '*.your.domain'
3) In the standard_html_header in the second folder add some dtml code
<dtml-if "_.str(REQUEST['AUTHENTICATED_USER'])=='AnonUser'">
  <dtml-call "RESPONSE.redirect('denied')">
</dtml-if>
<html> etc etc
and create a DTML method called 'denied' that explains to the person what's going on. *Don't* use standard_html_header in the 'denied' method as you'll get infinite recursion.
This is a bit of a faff - I may well look at Apache rewrite rules to restrict access to a site as a whole.
that's pretty damn convoluted, our site, which i feel would be well suited to zope development requires quite a bit of authentication. we are a university department, and currently use an apache ldap module to authenticate. we have sections of the site that need to be limited to the department only, and other sections that need to be limited by other groups.
zope's authentication for management seems good, but there must be an easier way to limit user access.
any pointers?
I think Tony mixed up a tip from me on how to _exclude_ access from a certain domain. Zope's access control is very powerful and very simple, but if you want to exclude one domain from access you have to twist and wriggle a bit. Tony wriggled a bit further in that direction to get 'normal' access control.
Normally, you'd define a new Role (like 'Visitor'), that you give the permissions that the Anonymous role normally has, and revoke all Anonymous permissions. Then you can assign that role to anyone you want to have access. See the Z Content Managers Guide on Zope.org
-- Martijn Pieters, Web Developer | Antraciet http://www.antraciet.nl | T: +31 35 7502100 F: +31 35 7502111 | mj@antraciet.nl http://www.antraciet.nl/~mj | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 ---------------------------------------------
_______________________________________________ Zope maillist - Zope@zope.org http://www.zope.org/mailman/listinfo/zope
(Related lists - please, no cross posts or HTML encoding!
To receive general Zope announcements, see: http://www.zope.org/mailman/listinfo/zope-announce
For developer-specific issues, zope-dev@zope.org - http://www.zope.org/mailman/listinfo/zope-dev )