-----Original Message----- From: Guy Davis [mailto:davis@arc.ab.ca] Sent: Wednesday, January 12, 2000 1:49 PM To: zope@zope.org Subject: [Zope] AUTHENTICATED_USER?

I am trying to disallow anonymous access for all but a handful of domains. This is easy to do with Apache, but how can it be done with Zope?

The only thing I could think of was to have the following in the standard_html_header.

<dtml-if "AUTHENTICATED_USER == 'Anonymous User'" > {if remote address is acceptable} {show the true page} {else show an error message} <dtml-else> {show the true page} </dtml-if>

However the above expression never evaluates to true even when <dtml-var AUTHENTICATED_USER> shows 'Anonymous User' on the same page.

That is because AUTHENTICATED_USER is an object whose __str__() method prints the user name as a string. This is not the same thing as the user object being *equal* to a string.

If I try to use string.find(), Zope complains that AUTHENTICATED_USER is a bad arguement.

Because it's type is not string, it is a user object. Compare 'Anonymous User' with AUTENTICATED_USER.getUserName() -Michel