Re: [Zope] - Setting __bobo_realm__
"Christopher G. Petrilli" wrote:
OK, this SHOULD be easy :-)
It is.
I know that the security realm used for BasicAuthentication is set using __bobo_realm__ (and BTW, still is) and defaults to the module name (Main) if nothing is set.
So, I figured, easy, I'll just add a property to the folder with that name and away we go... nope, I get an error that properties starting with '_' are verbotten... so, just how does one do this? You know what would be neat, is if there were something on the Security page to set this, just a simple box to fill in! :-)
ZPublisher also checks for an environment variable, BOBO_REALM. (In the next release, it will check for Z_REALM first :) and uses it if there is not module-level realm setting. You could provide BOBO_REALM in a PCGI file directive: BOBO_REALM=spam In the next release, you'll also be able to supply environment variables on the serve.py command line. Jim -- Jim Fulton mailto:jim@digicool.com Technical Director (540) 371-6909 Python Powered! Digital Creations http://www.digicool.com http://www.python.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
On Tue, Dec 08, 1998 at 06:53:53PM +0000, Jim Fulton wrote:
OK, this SHOULD be easy :-)
It is.
I know that the security realm used for BasicAuthentication is set using __bobo_realm__ (and BTW, still is) and defaults to the module name (Main) if nothing is set.
So, I figured, easy, I'll just add a property to the folder with that name and away we go... nope, I get an error that properties starting with '_' are verbotten... so, just how does one do this? You know what would be neat, is if there were something on the Security page to set this, just a simple box to fill in! :-)
ZPublisher also checks for an environment variable, BOBO_REALM. (In the next release, it will check for Z_REALM first :) and uses it if there is not module-level realm setting.
Ah, what I'm interested in is doing it INSIDE the GUI, on a folder level, not on a "Module" level, or a global level. For example, if I access a folder with it's own Userfolder, and authorize on that, then want to go to the MAIN /manage screen, I have to reauthorize, which is fine, since they both use "Main" as the realm. BUT when I go BACK to the sub folder (above), I'm still running as the "superuser" or whatever. I hope this makes sense :-) Let me know if I'm wacked out completely :-) Chris -- | Christopher Petrilli | petrilli@amber.org
"Christopher G. Petrilli" wrote:
On Tue, Dec 08, 1998 at 06:53:53PM +0000, Jim Fulton wrote:
OK, this SHOULD be easy :-)
It is.
I know that the security realm used for BasicAuthentication is set using __bobo_realm__ (and BTW, still is) and defaults to the module name (Main) if nothing is set.
So, I figured, easy, I'll just add a property to the folder with that name and away we go... nope, I get an error that properties starting with '_' are verbotten... so, just how does one do this? You know what would be neat, is if there were something on the Security page to set this, just a simple box to fill in! :-)
ZPublisher also checks for an environment variable, BOBO_REALM. (In the next release, it will check for Z_REALM first :) and uses it if there is not module-level realm setting.
Ah, what I'm interested in is doing it INSIDE the GUI, on a folder level, not on a "Module" level, or a global level. For example, if I access a folder with it's own Userfolder, and authorize on that, then want to go to the MAIN /manage screen, I have to reauthorize, which is fine, since they both use "Main" as the realm. BUT when I go BACK to the sub folder (above), I'm still running as the "superuser" or whatever.
And that's not what you want? :) In general, we prefer that people who are authorized above should be authorized below. Do you *really* want subfolders to have different realms, do you just want to be able to able to "log out"? If the later, we find it convenient to have a "logout" document sitting around: <!--#raise Unauthorized--> You have logged out<p> <!--#/raise--> if you really want subfolders to have their own realms, it probably wouldn't be too hard to provide a user folder property for the realm and have the user folder set the necessary response header when an authorization fails. Jim -- Jim Fulton mailto:jim@digicool.com Technical Director (540) 371-6909 Python Powered! Digital Creations http://www.digicool.com http://www.python.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.
On Tue, 8 Dec 1998, Jim Fulton wrote:
If the later, we find it convenient to have a "logout" document sitting around:
<!--#raise Unauthorized--> You have logged out<p> <!--#/raise-->
You've just taken all the fun out of closing my browser down that I was having while trying to figure out permissions. -Scott Robertson CodeIt Computing
At 06:53 PM 12/8/98 +0000, Jim Fulton wrote:
ZPublisher also checks for an environment variable, BOBO_REALM. (In the next release, it will check for Z_REALM first :) and uses it if there is not module-level realm setting.
This raises a question: since ZOPE is a good breaking-off point from previous concepts, would it be do-able to start dropping all the Bobo-isms from ZPublisher in favor of transport-neutral ORBisms? And perhaps transport-specific ones for specific transports? My group has just begun work on an SMTP publisher for ASDF, and we plan to get to WebDAV-over-Z at some point, with reuse of the WebDAV stuff to implement FTP publishing for ASDF at a later date. I would love to see things like __bobo_traverse__ migrate to things more like __orb_traverse__, and __bobo_realm__ to __HTTP_realm__. It will make it a lot clearer to both component-implementers and publisher-implementers which things they should support and which properly belong to another protocol and should not be messed with. I realize Digital Creations focus is "objects on the web", but I see key parts of what you're doing as usable for "objects on the *net*", where the web is just the first and most important step.
participants (4)
-
Christopher G. Petrilli -
Jim Fulton -
Phillip J. Eby -
Scott Robertson