[Zope-CMF] Auto-redirect to login page page is broken
Tres Seaver
tseaver@zope.com
Wed, 07 Nov 2001 00:18:59 -0500
Dave Lehman wrote:
> I've done some extensive customizations on my CMF site, and somewhere in
> the process, have broken the feature which auto-redirects a visitor to the
> login_form if they don't have access to something. At this point, all my
> site does is pop-up the ugly authentication dialog.
>
> From some other messages on the list, I believe this functionality is
> supposed to happen in standard_html_header. However, i'm not sure exactly
> how. If I look at the standard_html_header in my generic skin folder, the
> only thing I can guess is that the following code does it:
>
> <dtml-if "_.hasattr(this(),'isEffective') and not isEffective( ZopeTime()
> )">
> <dtml-unless "portal_membership.checkPermission('Request review',this())
> or portal_membership.checkPermission('Review portal
> content',this())">
> <dtml-var "RESPONSE.unauthorized()">
> </dtml-unless>
> </dtml-if>
>
> However, if I stick this into the top of my custom "standard_html_header"
> it still doesn't work. I do have a "cookie crumbler" instance in the root
> of my CMF site-- I believe it was put there automatically when my site was
> created.
>
> Any ideas on why it is broken or how to fix it? (or a better way to
> redirect to the login page?)
The CookieCrumbler has an "Auto Login Form" property -- if you set that
to 'login_form', then it will automatically redirect "Unauthorized" exceptions
there. Note that you likely cleared the value in order to get WebDAV / FTP
to work; they aren't compatible with cookie-based auth.
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com