user roles in standard_error_message
Hi!
While customizing my standard_error_message, I ran into a little problem: Someone with the role "Member" is logged in and tries to access a resource that does not exist. Same could happen to someone who doesn't have that role (Anonymous). Now I have two different style sheets for members and non-members: A member might click on a broken link from within the members-only area (having a... pink background), the anonymous user clicked the same broken link from a publicly accessible area of the site (having a... silver background). I would like to keep the different background colors when showing my error message so I put a
<dtml-if "AUTHENTICATED_USER.has_role('Member')"> <dtml-var "members_css"> <dtml-else> <dtml-var "public_css"> </dtml-if>
in the head section of standard_error_message (these *_css are ZStyleSheets) My problem is, that it's always the public_css that will show up.
So I checked with
<dtml-var "AUTHENTICATED_USER.getRoles()">
in both the members area and standard_error_message. To my surprise the member role was gone:
In the members area getRoles() returned ('Member',)
while in standard_error_message ( _.str(error_type)=='NotFound' ) it returned ('Anonymous',)
btw, the role is not really "lost", I can go back to the members area and click through members-only pages without problems.
What's happening? This looks like buggy, naughty misbehavior :-), doesn't it?
tia, Danny
Hi Danny,
I think what you're running into is the fact that if a Zope method requires no authorization (as per the permission settings of the method), the security machinery shortcuts and doesn't try to authenticate. The user executing the method is always considered to be the "anonymous user".
One way to fix this would be to add a different standard_error_message to the folder which contains the members-only area than the one that is in the root.
Danny William Adair wrote:
Hi!
While customizing my standard_error_message, I ran into a little problem: Someone with the role "Member" is logged in and tries to access a resource that does not exist. Same could happen to someone who doesn't have that role (Anonymous). Now I have two different style sheets for members and non-members: A member might click on a broken link from within the members-only area (having a... pink background), the anonymous user clicked the same broken link from a publicly accessible area of the site (having a... silver background). I would like to keep the different background colors when showing my error message so I put a
<dtml-if "AUTHENTICATED_USER.has_role('Member')"> <dtml-var "members_css"> <dtml-else> <dtml-var "public_css"> </dtml-if>
in the head section of standard_error_message (these *_css are ZStyleSheets) My problem is, that it's always the public_css that will show up.
So I checked with
<dtml-var "AUTHENTICATED_USER.getRoles()">
in both the members area and standard_error_message. To my surprise the member role was gone:
In the members area getRoles() returned ('Member',)
while in standard_error_message ( _.str(error_type)=='NotFound' ) it returned ('Anonymous',)
btw, the role is not really "lost", I can go back to the members area and click through members-only pages without problems.
What's happening? This looks like buggy, naughty misbehavior :-), doesn't it?
tia, Danny
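Added example, not part of either message and not Zope's own code: a simplified Python model of the shortcut described in the reply and of the suggested per-folder standard_error_message. The names Folder, effective_roles, render_not_found and build_site are hypothetical, and the two-folder site is constructed for illustration.

```python
# Simplified model of the behaviour described in the reply; not Zope source.
# Folder, effective_roles, render_not_found and build_site are hypothetical names.
ANONYMOUS = ("Anonymous",)

class Folder:
    def __init__(self, name, parent=None, error_css=None):
        self.name, self.parent, self.error_css = name, parent, error_css
        self.children = {}
        if parent is not None:
            parent.children[name] = self

    def acquire_error_css(self):
        # Walk up the containment chain to the nearest error-page override.
        node = self
        while node is not None:
            if node.error_css is not None:
                return node.error_css
            node = node.parent
        raise LookupError("no standard_error_message configured")

def effective_roles(required_roles, credential_roles):
    """Roles the published method sees for one request."""
    if required_roles is None or "Anonymous" in required_roles:
        return ANONYMOUS  # shortcut: the credentials are never looked at
    if not set(required_roles) & set(credential_roles):
        raise PermissionError("Unauthorized")
    return tuple(credential_roles)

def render_not_found(root, path, credential_roles, by_location):
    # Descend as far as the path exists; the error is handled in that folder.
    folder = root
    for segment in path.strip("/").split("/"):
        if segment not in folder.children:
            break
        folder = folder.children[segment]
    if by_location:
        return folder.acquire_error_css()
    # Role test inside a public error page (required_roles=None).
    roles = effective_roles(None, credential_roles)
    return "members_css" if "Member" in roles else "public_css"

def build_site(members_override):
    root = Folder("", error_css="public_css")
    Folder("members", root, "members_css" if members_override else None)
    return root

if __name__ == "__main__":
    member = ("Member",)
    print(render_not_found(build_site(False), "/members/missing", member, False))
    print(render_not_found(build_site(True), "/members/missing", member, True))
```

With the per-folder override the style follows the location of the broken link, so the members-area error page is also what an unauthenticated visitor to that path receives; it should carry styling only, nothing restricted to members.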
participants (2)
- Chris McDonough
- Danny William Adair