[Zope-PTK] Re: Status of LoginManager

Phillip J. Eby pje@telecommunity.com
Mon, 28 Feb 2000 19:28:18 -0500


At 01:47 PM 2/28/00 -0800, John Eikenberry wrote:
>
>- Implement selectable user ZClasses
>
>This seems to be the functionality that I want. But based on what the
>current README says (from the version without this) it seemed that it was
>possible before. Was the readme just ahead of its time or am I missing
>something?

If you wrote your own user source, you could do this before, by hardwiring
what class you wanted User objects to be.  It's just that the framework has
code now, so you don't have to write that code, *and* you can inherit a
management interface for selecting the ZClass as well.


>- Implement a Role Mapping facility on BUS, which other US's like GUS
>  can use. Added to GUS. This allows you to have roles that imply other
>  roles.
>
>Could you explain Role Mapping a bit more... it sounds like it might be
>useful to me, but it's hard to tell without a better understanding.

It lets you set, for a given role the person has, what other roles they
should receive as a result.  It's intended for situations where your user
database has role or group names which don't correspond exactly to the Zope
role names you want.  So you can say that role A in your DB corresponds to
Zope "Manager", while role B corresponds to "Editor" and "Member".  It is
strictly an addition of roles; a user with role A will end up with role A
*and* role Manager.  It is also not possible to say A+B=something; it's
strictly a "if they have this role, they also get some other role(s)".


>One last question. Will Login Manager allow me to specify a page to return
>for the Unauthorized Error? Having to hack the Zope source to change this
>is my biggest peeve with Zope (it is a _very_ common request). I didn't
>find anything in a brief look through the docs and code... please tell me
>I overlooked it. 

This is as simple as adding a "loginForm" method to your LoginManager,
which should look something like:

<dtml-raise Unauthorized>
...html of entire page to be displayed goes here
</dtml-raise>

At least, if you want to use Basic auth instead of cookies.  If you're
doing cookies, the page should be a login form.

LoginManager also can use an optional "forbiddenPage" you can override to
tell someone they are logged in, but don't have the right to do what
they're trying to do.
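
The role mapping described in this message, sketched in Python as an added illustration (it is not LoginManager's code and is not from the original post). The function names are hypothetical, the mapping reuses the message's A/B example, and the single-pass expansion is an assumption.

```python
# Added illustration only: not LoginManager code. Names are hypothetical and
# the data is constructed from the A/B example in the message.

# DB role A corresponds to Zope "Manager"; B to "Editor" and "Member".
ROLE_MAP = {
    "A": ["Manager"],
    "B": ["Editor", "Member"],
}


def expand_roles(user_roles, role_map):
    """Return the user's own roles plus every role implied by each one.

    Strictly additive: the original roles are kept. Each rule is keyed on
    a single role, so "A and B together imply X" cannot be expressed.
    Assumption: one pass only, implied roles are not expanded again.
    """
    effective = list(user_roles)
    for role in user_roles:
        for implied in role_map.get(role, ()):
            if implied not in effective:
                effective.append(implied)
    return effective


def sources_granting(target_role, role_map):
    """Audit helper: list the source roles that confer target_role."""
    return sorted(src for src, implied in role_map.items()
                  if target_role in implied)


if __name__ == "__main__":
    print(expand_roles(["A"], ROLE_MAP))          # role A is kept, Manager added
    print(expand_roles(["A", "B"], ROLE_MAP))     # union of both rules
    print(sources_granting("Manager", ROLE_MAP))  # who can become Manager
```

Because the mapping only adds roles, reviewing which database roles lead to "Manager" (as `sources_granting` does) is the quickest way to see who ends up privileged.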