In some cases, you want to take special actions once the user has been determined at the end of traversal. You may, e.g., want to deny Manager role to any non-HTTPS request.

This patch adds support for a *post authentication hook*. It adds code to the 'validated_hook', called when the user is successfully authenticated. The code tries to acquire an object 'post_authentication_hook' from 'request.PARENTS[0]'. If this is successful, it calls this object with the arguments 'request' and 'user'. Usually, this call will raise Unauthorized when it has objections against the request.

Download: <http://www.dieter.handshake.de/pyprojects/zope/postauth.pat>

Dieter

It would be good to see this in the core :-)
Are you looking to do that at any stage?

Chris

Dieter Maurer wrote:
> In some cases, you want to take special actions once the user has been determined at the end of traversal. You may, e.g., want to deny Manager role to any non-HTTPS request.
> This patch adds support for a *post authentication hook*. It adds code to the 'validated_hook', called when the user is successfully authenticated. The code tries to acquire an object 'post_authentication_hook' from 'request.PARENTS[0]'. If this is successful, it calls this object with the arguments 'request' and 'user'. Usually, this call will raise Unauthorized when it has objections against the request.
> Download: <http://www.dieter.handshake.de/pyprojects/zope/postauth.pat>
> Dieter

Chris Withers wrote at 2003-9-25 14:04 +0100:
> It would be good to see this in the core :-)
> Are you looking to do that at any stage?

We already had a discussion about this:

I do not have CVS write permission because I am not ready to take responsibility with respect to the broken US patent laws, laws that allow one to patent almost any stupidity and triviality (such as "one-click-purchase", "restroom reservation", "dynamic loading", ...).

As Zope.com requires a commitment to defend her in any patent disputes caused by a committer, I cannot become a committer.

That said, I do not mind if anybody puts the 10 lines into the Zope core. Hopefully, the idea to provide a hook for additional checks after authentication is not patented, not even in the US.

Dieter

I would prefer the patch I submitted in #802, since it allows for multiple, independent post-traversal actions, and cannot be affected by name clashes in userspace. I admit that it's a bit harder to use than simply acquiring a callable, though.

http://collector.zope.org/Zope/802/view

The attached patch provides a post_traverse() method that can be used during publishing traversal. It allows an Access Rule (or similar) to register a callable object and arguments. Registered objects are called in the order in which they were registered just before traverse() completes.

Cheers,
Evan @ 4-am

Evan Simpson wrote at 2003-9-25 15:07 -0500:
> I would prefer the patch I submitted in #802, since it allows for multiple, independent post-traversal actions, and cannot be affected by name clashes in userspace. I admit that it's a bit harder to use than simply acquiring a callable, though.
> http://collector.zope.org/Zope/802/view
> The attached patch provides a post_traverse() method that can be used during publishing traversal. It allows an Access Rule (or similar) to register a callable object and arguments. Registered objects are called in the order in which they were registered just before traverse() completes.

I do not mind...

Dieter
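
The two hook styles discussed in this thread, as an added example that is not part of any message and is not code from either patch: a check that denies the Manager role to non-HTTPS requests, run once as a hook looked up by name on `request.PARENTS[0]` and once through a registry of callables. `Unauthorized`, `User`, `Request` and `Site` are stand-ins defined here rather than Zope's classes, and the use of `SERVER_URL` to detect HTTPS is an assumption.

```python
class Unauthorized(Exception):
    """Stand-in for the exception a hook raises to refuse the request."""

class User:
    """Stand-in user object exposing only getRoles()."""
    def __init__(self, roles):
        self._roles = tuple(roles)
    def getRoles(self):
        return self._roles

class Request(dict):
    """Stand-in request: a mapping plus a post-traversal registry."""
    def __init__(self, **values):
        super().__init__(values)
        self._post_traverse = []
    def post_traverse(self, func, args=()):
        # Registry style: store a callable and its arguments.
        self._post_traverse.append((func, tuple(args)))

def deny_manager_without_https(request, user):
    """Refuse the Manager role on any request that is not HTTPS."""
    https = request.get("SERVER_URL", "").startswith("https://")
    if "Manager" in user.getRoles() and not https:
        raise Unauthorized("Manager role requires HTTPS")

class Site:
    """Stand-in for request.PARENTS[0]; the hook is found by its name."""
    post_authentication_hook = staticmethod(deny_manager_without_https)

def run_acquired_hook(request, user):
    # Name-lookup style: call the hook if PARENTS[0] provides one.
    hook = getattr(request["PARENTS"][0], "post_authentication_hook", None)
    if hook is not None:
        hook(request, user)

def run_registered(request):
    # Registry style: call every registered object in registration order.
    for func, args in request._post_traverse:
        func(*args)

def allowed(run, *args):
    """Return True if the hook run lets the request through."""
    try:
        run(*args)
    except Unauthorized:
        return False
    return True
```
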
participants (3): Chris Withers, Dieter Maurer, Evan Simpson