[Zope-CMF] Questions on authentication ...

seb bacon seb@jamkit.com
Tue, 18 Sep 2001 10:31:57 +0100


* Lynn Walton <waltonl@franklin.edu> [010918 00:19]:
> However, I would like the ability to require authorization for certain
> content (maybe all content in a given folder)  to a segment of our
> "public users" who will share one common username/password to access.  I
> would like them to be prompted (preferably by web basic authentication
> method like the ZMI does, rather than an html login form) to enter the
> username/password for that content.  

To manage the security, just use Zope's security mechanisms.  Create a
role 'PublicUsers' and give that role 'Change Portal Content'
permission on the folder or other objects you want them to be able to
change.  You might just want to give the user account a local role in
a single 'PublicFolder' location.

You can stop the html login by removing or playing with the switches
on the CookieCrumbler in the root of your CMF.

> I don't want them to be logged in like a portal member is logged in.
> Is that possible? 

Do you mean you don't want people to be redirected to a page with the
actions_box and news_box on it?  If so, edit the skins to reflect your
needs.  For example, you could change logged_in.dtml to test a user's
role or identity and redirect them accordingly to different places /
skins. 

seb