[Zope-CMF] Forcing skins by role
Dieter Maurer
dieter@handshake.de
Sun, 25 Aug 2002 08:22:51 +0200
Paul Winkler writes:
> On Fri, Aug 23, 2002 at 08:21:26PM +0200, Dieter Maurer wrote:
> > I doubt that this can work:
> >
> > When the AccessRule fires, the user is not yet authenticated.
> >
> > I expect, "getAuthenticatedMember" will always return
> > "Anonymous User".
>
> God damn that's strange, but it appears
> you're right. After updating CMF from CVS
> and using context.changeSkin(skin_name)
> instead of setupCurrentSkin(REQUEST),
> I've found that the skin is reliably set to
> whatever I put in the "not manager" case.
>
> Ugh. Let me see if I can make it work
> based on the AUTHENTICATED_USER value
> in the REQUEST.
"AUTHENTICATED_USER" is initialized even a bit later than
the security context.
What you can try:
Force authentication inside your access rule (by calling
the corresponding 'validate' method (probably of CookieCrumber)).
This can work as long as you do not have subsites with their own
"acl_users".
Dieter