Does anyone have any more information on AUTHENTICATED_USER? We saw a while back that it has properties (AUTHENTICATED_USER.has_role(['Manager', 'Editor'])). I would like to be able to get the user name, and use that to index simple files for users. Is there something like AUTHENTICATED_USER['UserName']??

This is essentially the information that is returned if you try <!--#var AUTHENTICATED_USER-->. However, if you try something like <!--#if "AUTHENTICATED_USER in objectIds()"-->, it does not work.

The only way I have been able to use this information so far is to put <INPUT TYPE=hidden name=userID value="<!--#var AUTHENTICATED_USER-->"> in a form, and pass it in a REQUEST to another page. But I want to be able to get this information directly. I have even tried REQUEST.set('myUser', AUTHENTICATED_USER) in the header, but this has the same problem (unsurprisingly) as AUTHENTICATED_USER itself.

Any hints?

Thanks,
JP
At 14:23 02/03/99 , JP Glutting wrote:
Does anyone have any more information on AUTHENTICATED_USER? We saw a while back that it has properties (AUTHENTICATED_USER.has_role(['Manager', 'Editor'])). I would like to be able to get the user name, and use that to index simple files for users. Is there something like AUTHENTICATED_USER['UserName']?? This is essentially the information that is returned if you try <!--#var AUTHENTICATED_USER-->. However, if you try something like <!--#if "AUTHENTICATED_USER in objectIds()"-->, it does not work.
Use <!--#var expr="AUTHENTICATED_USER.getUserName()"-->

More hints like this can be found in the User.py file in your lib/python/AccessControl directory. The following functions could be useful:

    getUserName(self): Return the username of a user
    getRoles(self): Return the list of roles assigned to a user.
    getDomains(self): Return the list of domain restrictions for a user
    allowed(self, parent, roles=None): Check whether the user has access to parent
    hasRole(self, parent, roles=None): Check whether the user has the specified roles
    has_role(self, roles): Check whether the user has the specified roles

allowed & hasRole are one and the same. When called with parent=None, it just returns whether the user has the named roles. has_role also checks for roles, but doesn't automatically include the Anonymous role. So, hasRole(None, 'Anonymous') always returns true, but has_role('Anonymous') returns false for every user that has been authenticated.

Note that AUTHENTICATED_USER is always defined, also for anonymous access.

Here is a little example of what you could do with these functions:

    <!--#comment-->Display user info<!--#/comment-->
    You are the user named <!--#var expr="AUTHENTICATED_USER.getUserName()"-->.<P>
    <!--#if "AUTHENTICATED_USER.getRoles()"-->
      You have the following roles:
      <!--#in "AUTHENTICATED_USER.getRoles()"-->
        <LI><!--#var sequence-item-->
      <!--#/in-->
    <!--#else-->
      You have no roles defined.
    <!--#/if-->
    <P>
    <!--#if "AUTHENTICATED_USER.getDomains()"-->
      You are allowed to log in from the following domains:
      <!--#in "AUTHENTICATED_USER.getDomains()"-->
        <LI><!--#var sequence-item-->
      <!--#/in-->
    <!--#else-->
      You can log in from any domain.
    <!--#/if-->
    <P>
    <!--#if "AUTHENTICATED_USER.has_role(['Manager'])"-->
      You have the 'Manager' role.<BR>
    <!--#/if-->
    <!--#if "AUTHENTICATED_USER.has_role(['Anonymous'])"-->
      You have the 'Anonymous' role. You are therefore an anonymous user.<BR>
    <!--#/if-->
    <!--#if "AUTHENTICATED_USER.has_role(['nonexistent'])"-->
      You have the 'nonexistent' role.<BR>
    <!--#/if-->
    <!--#var standard_html_footer-->

The last call to has_role is to show that the user defined in the 'access' file in the root folder of your Zope installation has ALL roles, including non-existent ones. And even more interesting, the call to getRoles() will get you 'manage', a misspelled version of the 'Manager' role. This is probably the only way to reliably recognize the superuser.

--
M.J. Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| Tel: +31-35-6254545 Fax: +31-35-6254555
| mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
------------------------------------------
Note that this snippet:
    <!--#if "AUTHENTICATED_USER.getRoles()"-->
      You have the following roles:
      <!--#in "AUTHENTICATED_USER.getRoles()"-->
        <LI><!--#var sequence-item-->
      <!--#/in-->
    <!--#else-->
      You have no roles defined.
    <!--#/if-->

can also be written:

    <!--#in "AUTHENTICATED_USER.getRoles()"-->
      <!--#if sequence-start-->
        You have the following roles:
      <!--#/if-->
      <LI><!--#var sequence-item-->
    <!--#else-->
      You have no roles defined.
    <!--#/in-->

That is, #in can have an #else clause, which is called when the sequence is zero length. I find this easier to read (particularly when the expression to generate the sequence is large.)

Anthony
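
The hidden-field workaround in the first message hands the user name to the browser, where it can be edited before it comes back; with getUserName() the per-user file can be keyed from the server-side identity instead. The sketch below is an added example, not code from the thread or from Zope: StubUser, user_file, SAFE_NAME and the .txt layout are assumptions, and only getUserName() and has_role() are taken from the thread.

```python
import re
from pathlib import Path

# Constructed stand-in for Zope's user object. Only getUserName() and
# has_role(), both named in the thread, are modelled.
class StubUser:
    def __init__(self, name, roles):
        self._name, self._roles = name, list(roles)

    def getUserName(self):
        return self._name

    def has_role(self, roles):
        return any(r in self._roles for r in roles)

# Assumed policy for names usable as a file key: no separators, no leading dot.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}")

def user_file(base_dir, form, authenticated_user):
    """Return the per-user file path, keyed by the server-side identity only."""
    # AUTHENTICATED_USER is defined for anonymous requests too, so check first.
    if authenticated_user.has_role(["Anonymous"]):
        raise PermissionError("anonymous users have no per-user file")
    name = authenticated_user.getUserName()
    # A hidden userID field comes back from the browser and can be edited there.
    # It is never used as the key; a mismatch is rejected so it can be logged.
    claimed = form.get("userID")
    if claimed is not None and claimed != name:
        raise PermissionError("form userID does not match authenticated user")
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("user name is not usable as a file key")
    base = Path(base_dir).resolve()
    path = (base / (name + ".txt")).resolve()
    if base not in path.parents:  # catches symlinks that point outside base
        raise ValueError("resolved path escapes the base directory")
    return path

if __name__ == "__main__":
    jp = StubUser("jp", ["Editor"])  # constructed sample user
    print(user_file("/tmp/userfiles", {}, jp))
    try:
        user_file("/tmp/userfiles", {"userID": "someone_else"}, jp)
    except PermissionError as exc:
        print("rejected:", exc)
```

According to the reply above, the user from the 'access' file passes has_role() for every role name; if that holds for 'Anonymous' as well, the first check would refuse that account too.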
participants (3): Anthony Baxter, JP Glutting, Martijn Pieters