[Zope-CMF] Auto-redirect to login page page is broken

Tres Seaver tseaver@zope.com
Wed, 07 Nov 2001 00:18:59 -0500


Dave Lehman wrote:

> I've done some extensive customizations on my CMF site, and somewhere in
> the process, have broken the feature which auto-redirects a visitor to the
> login_form if they don't have access to something. At this point, all my
> site does is pop-up the ugly authentication dialog.
> 
> From some other messages on the list, I believe this functionality is
> supposed to happen in standard_html_header. However, i'm not sure exactly
> how. If I look at the standard_html_header in my generic skin folder, the
> only thing I can guess is that the following code does it:
> 
> <dtml-if "_.hasattr(this(),'isEffective') and not isEffective( ZopeTime()
> )">
>   <dtml-unless "portal_membership.checkPermission('Request review',this())
>              or portal_membership.checkPermission('Review portal
> content',this())">
>     <dtml-var "RESPONSE.unauthorized()">
>   </dtml-unless>
> </dtml-if>
> 
> However, if I stick this into the top of my custom "standard_html_header"
> it still doesn't work. I do have a "cookie crumbler" instance in the root
> of my CMF site-- I believe it was put there automatically when my site was
> created.
> 
> Any ideas on why it is broken or how to fix it? (or a better way to
> redirect to the login page?)

The CookieCrumbler has an "Auto Login Form" property -- if you set that
to 'login_form', then it will automatically redirect "Unauthorized" exceptions
there.  Note that you likely cleared the value in order to get WebDAV / FTP
to work;  they aren't compatible with cookie-based auth.

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com