Re: [Zope] GUF: Generic User Folder
OK, I know some of you are out there watching. :) Here is what I found out you can do to use Zope's folder security features using your own user info database, your own login interface, and without using GUF (Generic User Folder). It's kind of simple, so don't expect too much. :) Hey, but at least it does not lock you up and send you into a panic attack. :)
(1) Have your own login interface, and use some session management product or cookies to keep track of whether the user has been authenticated by you.
(2) Create additional user-defined roles at the root of your Zope project. (Click on the 'Security' tab of the root folder, and scroll to the bottom.) E.g: 'teacher', 'student', 'parent', etc.
(3) Create an acl_users folder at the root of your Zope project. Inside the acl_users folder, add new generic users. E.g: 'GenericTeacher', 'GenericStudent', 'GenericParent'. Assign non-trivial passwords to them, of course.
(4) In your standard_html_header or equivalent, you then check against your cookies or session data. If the user is a teacher, then call:
<dtml-call "REQUEST.set('AUTHENTICATED_USER', acl_users.getUser('GenericTeacher'))">
Voila! Now you can use Zope's security settings to prevent people from accessing given folders.
Hung Jung
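Step (4) makes the role recorded in the cookie or session the only thing standing between a visitor and the generic user, so that value must not be forgeable by the client. An added sketch in plain Python (not code from this thread or from Zope) of verifying an HMAC-signed role cookie before choosing which generic user to pass to acl_users.getUser; the cookie layout, key and function names are assumptions made for the example.

```python
import hashlib
import hmac

# Role -> generic Zope user from step (3) of the post.
GENERIC_USERS = {
    "teacher": "GenericTeacher",
    "student": "GenericStudent",
    "parent": "GenericParent",
}

# Constructed sample key; a real deployment uses a random server-side secret.
SECRET_KEY = b"constructed-example-key"


def _tag(payload, key):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def sign_role(login, role, expires, key=SECRET_KEY):
    """Build the cookie value once your own login check has succeeded."""
    if "|" in login or "|" in role:
        raise ValueError("field separator not allowed in login or role")
    payload = f"{login}|{role}|{int(expires)}"
    return f"{payload}|{_tag(payload, key)}"


def generic_user_for(cookie, now, key=SECRET_KEY):
    """Return the generic user name for a valid cookie, otherwise None."""
    parts = cookie.split("|")
    if len(parts) != 4:
        return None  # malformed
    login, role, expires, tag = parts
    expected = _tag(f"{login}|{role}|{expires}", key)
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # forged or edited by the client
    if not expires.isdigit() or int(expires) < now:
        return None  # expired
    return GENERIC_USERS.get(role)  # unknown roles map to nobody
```

A None result means the request stays anonymous and AUTHENTICATED_USER is left untouched.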
On Tue, 14 Mar 2000, Hung Jung Lu wrote:
OK, I know some of you are out there watching. :)
Indeed, given the sudden Zope sys.exit I get with GUF (to be fair I am not sure that GUF is the culprit, but it is certainly a suspect)
<dtml-call "REQUEST.set('AUTHENTICATED_USER', acl_users.getUser('GenericTeacher'))">
Voila! Now you can use Zope's security settings to prevent people from accessing given folders.
Maybe you should make it into a HOWTO. It is really useful.
Pavlos
----- Original Message -----
From: Pavlos Christoforou <pavlos@gaaros.com>
[setting AUTHENTICATED_USER by hand]
Maybe you should make it into a HOWTO. It is really useful.
I wouldn't recommend it; Changes in the implementation of the authentication machinery will break this, probably in the next release. Even if that weren't true, this trick would be discouraged. This sort of thing is *really* best done at the Python level, in a Product.
Cheers,
Evan @ digicool & 4-am
My apologies for dragging this up from the grave but I kept Hung Jung's trick for manually setting AUTHENTICATED_USER by hand (see below) b/c I knew it would come in handy.
For most public websites I've worked on, anyone visiting the site is either 'authenticated' or 'not authenticated'. I don't want to bother with domains/roles or even using GUF/userdb etc. I prefer to roll my own code since it saves me time further down the line. Setting AUTHENTICATED_USER using Hung Jung's method does what I need quick and easy. (Much more efficient than using one of the products in the long run).
However, I'm afraid I didn't follow the rest of the thread after Evan's warning (were there any follow-ups?):
[setting AUTHENTICATED_USER by hand]
Maybe you should make it into a HOWTO. It is really useful.
I wouldn't recommend it; Changes in the implementation of the authentication machinery will break this, probably in the next release.
Are there any updates or specifics available on that? Will it affect stuff like UserDB and GUF too?
Even if that weren't true, this trick would be discouraged. This sort of thing is *really* best done at the Python level, in a Product.
Sorry to bother you but why should it be best done at the product level if all the product does is what can be done in one line below? I find this manual setting very useful.
chas
(1) Have your own login interface, and use some session management product or cookies to keep track of whether the user has been authenticated by you.
(2) Create additional user-defined roles at the root of your Zope project. (Click on the 'Security' tab of the root folder, and scroll to the bottom.) E.g: 'teacher', 'student', 'parent', etc.
(3) Create an acl_users folder at the root of your Zope project. Inside the acl_users folder, add new generic users. E.g: 'GenericTeacher', 'GenericStudent', 'GenericParent'. Assign non-trivial passwords to them, of course.
(4) In your standard_html_header or equivalent, you then check against your cookies or session data. If the user is a teacher, then call:
<dtml-call "REQUEST.set('AUTHENTICATED_USER', acl_users.getUser('GenericTeacher'))">
Voila! Now you can use Zope's security settings to prevent people from accessing given folders.
Hung Jung
participants (4): chas, Evan Simpson, Hung Jung Lu, Pavlos Christoforou