Another question about LoginManager (or similar products)
After getting LoginManager working and following the steps of the LoginManager with SQL database HOWTO I realized that this was a solution to store administrators of the website in a database. I'm going to create a public service that requires all the users to register with a username and a password. After doing so they must log in every time they use the service. I really don't want to write the user login code if it exists in some form of a module or a product. Is there some examples of how to use the LoginManager to do this? PS: I guess I'm looking for a authentication mechanism like the one Mailman uses for it's administration pages. Yes, I can just take a look at how Mailman does it, but I guess there are some less complex examples to take a look at somewhere. :) -- Lars Preben
Lars: No, in fact LoginManager is a way to store -any- user's information for Zope. This includes administrators as well as regular users. The idea is that LoginManager hands Zope a user & roles, and then Zope uses that user & roles in its standard authorization processing. If the roles returned include "Manager" for example, then Zope gives that user administrator privs. The idea is to define a role which is useful to you e.g. "Authorized" and then set up the pages in your site so that only "Authorized" users and "Managers" can see them. You give permission to read pages by "Anonymous" only to pages like the login page that you don't need to protect (myself, I modified LoginManager to return the LoggingInUser and LoggingIn role for login, but whatever). LoginManager is then used (w/ your database) to authenticate users and return the right role. In my case, I cause a redirect to be returned whenever a non-authorized user is trying to access the site, and LoginManager returns LoggingInUser/LoggingIn for any request to pages that have to do with logging in. A. -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Lars Preben S. Arnesen Sent: Sunday, April 15, 2001 7:57 PM To: zope@zope.org Subject: [Zope] Another question about LoginManager (or similar products) After getting LoginManager working and following the steps of the LoginManager with SQL database HOWTO I realized that this was a solution to store administrators of the website in a database. I'm going to create a public service that requires all the users to register with a username and a password. After doing so they must log in every time they use the service. I really don't want to write the user login code if it exists in some form of a module or a product. Is there some examples of how to use the LoginManager to do this? PS: I guess I'm looking for a authentication mechanism like the one Mailman uses for it's administration pages. Yes, I can just take a look at how Mailman does it, but I guess there are some less complex examples to take a look at somewhere. :) -- Lars Preben _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[ Andrew Athan ]
The idea is to define a role which is useful to you e.g. "Authorized" and then set up the pages in your site so that only "Authorized" users and "Managers" can see them. You give permission to read pages by "Anonymous" only to pages like the login page that you don't need to protect (myself, I modified LoginManager to return the LoggingInUser and LoggingIn role for login, but whatever).
OK, I'm a newbie and obiously I need this whith a tea spoon: Let's say that create a new folder (in the root folder) named 'foobar'. foobar only contains an index_html object. So now everybody is able to see the content of my indexfile by accessing http://myZopeServer:8080/foobar Could someone please tell me step by step how to protect the contents of foobar so that every user has to log in to get the contentes only using the built-in user function in zope? -- Lars Preben
"Lars Preben S. Arnesen" wrote:
'foobar'. foobar only contains an index_html object. So now everybody is able to see the content of my indexfile by accessing http://myZopeServer:8080/foobar
Could someone please tell me step by step how to protect the contents of foobar so that every user has to log in to get the contentes only using the built-in user function in zope?
Click on the Security tab in foobar and 'uncheck' any 'checked' boxes in the Anonymous column. -- Tim Cook, President - FreePM,Inc. http://www.FreePM.com Office: (731) 884-4126 ONLINE DEMO: http://www.freepm.org:8080/FreePM
[ Tim Cook ]
Click on the Security tab in foobar and 'uncheck' any 'checked' boxes in the Anonymous column.
The default is that only the Manager role is checked in the security section. The index_html object in foobar is still readable for everyone. -- Lars Preben
On Mon, Apr 16, 2001 at 11:37:37PM +0200, Lars Preben S. Arnesen wrote:
[ Tim Cook ]
Click on the Security tab in foobar and 'uncheck' any 'checked' boxes in the Anonymous column.
The default is that only the Manager role is checked in the security section. The index_html object in foobar is still readable for everyone.
You need to first uncheck "Acquire Permission Settings" for at least "View", and perhaps others, based on other actions you want to allow/disallow. Zac -- $name="zachery bir"; $email="zbir@urbanape.com"; $position="systems administrator"; $altposition="witch doctor"; $voice="804.644.6230"; $web="http://www.urbanape.com";
You may want to look at the Zope Membership Component http://zmc.immortalitysystems.net/. It builds an autoregistration interface on top of LoginManager.
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Lars Preben S. Arnesen Sent: Sunday, April 15, 2001 16:57 To: zope@zope.org Subject: [Zope] Another question about LoginManager (or similar products)
After getting LoginManager working and following the steps of the LoginManager with SQL database HOWTO I realized that this was a solution to store administrators of the website in a database.
I'm going to create a public service that requires all the users to register with a username and a password. After doing so they must log in every time they use the service. I really don't want to write the user login code if it exists in some form of a module or a product.
Is there some examples of how to use the LoginManager to do this?
PS: I guess I'm looking for a authentication mechanism like the one Mailman uses for it's administration pages. Yes, I can just take a look at how Mailman does it, but I guess there are some less complex examples to take a look at somewhere. :)
-- Lars Preben
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[ Loren Stafford ]
You may want to look at the Zope Membership Component http://zmc.immortalitysystems.net/. It builds an autoregistration interface on top of LoginManager.
It looks real nice, but I don't find any link to the component itself. Am I blind or is it way too few links on the immortalitysystems.net web site? The web pages at zope.org only points to immortalitysystems.net. -- Lars Preben
http://www.zope.org/Members/Bill/Products/Membership
-----Original Message----- From: Lars Preben S|rsdahl Arnesen [mailto:l.p.arnesen@usit.uio.no] Sent: Monday, April 16, 2001 11:32 To: Loren Stafford Cc: zope@zope.org Subject: Re: [Zope] Another question about LoginManager (or similar products)
[ Loren Stafford ]
You may want to look at the Zope Membership Component http://zmc.immortalitysystems.net/. It builds an autoregistration interface on top of LoginManager.
It looks real nice, but I don't find any link to the component itself. Am I blind or is it way too few links on the immortalitysystems.net web site? The web pages at zope.org only points to immortalitysystems.net.
-- Lars Preben
participants (5)
-
Andrew Athan -
l.p.arnesen@usit.uio.no -
Loren Stafford -
Tim Cook -
Zachery Bir