[Zope-CMF] Forcing skins by role
Paul Winkler
pw_lists@slinkp.com
Fri, 23 Aug 2002 15:04:52 -0700
On Fri, Aug 23, 2002 at 08:21:26PM +0200, Dieter Maurer wrote:
> I doubt that this can work:
>
> When the AccessRule fires, the user is not yet authenticated.
>
> I expect, "getAuthenticatedMember" will always return
> "Anonymous User".
God damn that's strange, but it appears
you're right. After updating CMF from CVS
and using context.changeSkin(skin_name)
instead of setupCurrentSkin(REQUEST),
I've found that the skin is reliably set to
whatever I put in the "not manager" case.
Ugh. Let me see if I can make it work
based on the AUTHENTICATED_USER value
in the REQUEST. Not the most secure approach,
as far as hiding the management skin goes;
but considering that a non-manager won't be
allowed to actually do anything interesting
in the management skin, that's probably OK.
--PW
--
Paul Winkler
"Welcome to Muppet Labs, where the future is made - today!"