[Zope-dev] Login/Authentication/Authorization tools wrt SquishDot

Martijn Pieters mj@antraciet.nl
Wed, 25 Aug 1999 20:14:21 +0200


At 15:07 25-8-99, Neal Holtz wrote:
>  1. A way to identify in DTML the rights of the current user, so
>     pages can be adapted.  I would like to get the loginId for the
>     user, but more important, I think, would be just a way to
>     test for various roles.  EG: "is the current user a registered
>     student?", etc.

The AUTHENTICATED_USER object has several methods that are of use here.

The one you want to use is has_role:

<!--#if "AUTHENTICATED_USER.has_role(['Role1', 'Role2'])"-->
   This text will only be visible to users that have a 'Role1' or 'Role2' role.
<!--#/if-->


>     A Quick reading of Publish.py (in Zope 1.10.3) seems to show all
>     the authorization logic deeply bound into method 'publish', and
>     it would be nice to have that brought out into a separate method.

The AUTHENTICATED_USER code can be found in 
lib/python/AccessControl/User.py, in the classes BasicUser and User (the 
latter is a subclass of the first).


>  2. A way to import a few hundred userids, passwords, and roles,
>     from our own registration databases.  Or would it be better
>     to let the webserver authenticate people? - I was going to let
>     Zope do it.

For this you could use UserDB. It is an alternative UserFolder object, that 
lets you authenticate users against a database. It can be adjusted to fit 
any existing database schema. You can download the UserDB product from:

   http://www.zope.org/Download/Prereleases/UserDB


>  3. A way to have a 'login' link that allows a user to change their
>     identities at any time (more useful for me during testing, but I
>     would like anyone to be able to view pages anonymously at
>     any time, but only have to login when they wish to post an
>     unmoderated response to an article.

One of the nice extras that UserDB offers is cookie-based authentication. 
Normally Zope uses the HTTP Basic Authentication protocol, and current 
browser implementations make it difficult to switch username and password 
within a website. With UserDB, you can easily give the user a webpage where 
they can offer a new username and password combination to switch Roles, or 
a logout page to switch back to the Anonymous Role.


--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| T: +31 35 7502100 F: +31 35 7502111
| mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
---------------------------------------------
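The two mechanisms the reply above describes, the any-of role test behind AUTHENTICATED_USER.has_role() and a cookie-based login/logout page that lets a visitor switch identity or drop back to Anonymous, as an added example that is not Zope's, UserDB's, or the poster's code. Everything in it is hypothetical: the registration table, the password hashing, the cookie layout (an HMAC-signed payload carrying the user name and an expiry), the secret, and the user names. The one behaviour taken from Zope is that has_role() accepts a single role or a list and is true if any of them matches.

```python
"""Hypothetical model of cookie-based login/logout plus a has_role() check.

Added example, not Zope or UserDB code. Names, cookie format and the
sample user table are all invented for illustration.
"""
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed example secret: in a real deployment this comes from config,
# never from source, and rotating it invalidates every outstanding cookie.
COOKIE_SECRET = b"constructed-example-secret-do-not-reuse"
COOKIE_TTL = 3600  # seconds a login cookie stays valid


def _hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2 so a leaked table does not leak passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user_db(records):
    """Build the in-memory stand-in for an imported registration database."""
    db = {}
    for username, password, roles in records:
        salt = os.urandom(16)
        db[username] = {"salt": salt, "hash": _hash_password(password, salt),
                        "roles": list(roles)}
    return db


# Constructed sample data: two registered users with different roles.
USER_DB = make_user_db([
    ("alice", "correct horse", ["Student"]),
    ("bob", "battery staple", ["Moderator", "Student"]),
])


class User:
    def __init__(self, name, roles):
        self.name = name
        self.roles = tuple(roles)

    def has_role(self, roles):
        # Mirrors the DTML call: a single role or a list, true on any match.
        if isinstance(roles, str):
            roles = [roles]
        return any(r in self.roles for r in roles)


class AnonymousUser(User):
    # What a request without a valid cookie resolves to.
    def __init__(self):
        super().__init__("Anonymous User", ["Anonymous"])


def authenticate(db, username, password):
    """Return a User on a correct username/password pair, else None."""
    rec = db.get(username)
    if rec is None:
        # Hash anyway so unknown and known names take the same time.
        _hash_password(password, b"\x00" * 16)
        return None
    if not hmac.compare_digest(rec["hash"], _hash_password(password, rec["salt"])):
        return None
    return User(username, rec["roles"])


def login(db, username, password, now=None):
    """The login page: return (user, cookie value) or (None, None) on failure."""
    user = authenticate(db, username, password)
    if user is None:
        return None, None
    now = int(time.time()) if now is None else int(now)
    claims = {"u": user.name, "exp": now + COOKIE_TTL}
    payload = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    mac = hmac.new(COOKIE_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    return user, f"{payload}.{mac}"


def logout():
    """The logout page: the cookie value that maps back to Anonymous."""
    return ""


def user_from_cookie(db, cookie, now=None):
    """Resolve a request's cookie to a User; anything doubtful is Anonymous."""
    anon = AnonymousUser()
    if not cookie or "." not in cookie:
        return anon
    payload, _, mac = cookie.rpartition(".")
    expected = hmac.new(COOKIE_SECRET, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return anon  # tampered or forged
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload.encode()))
    except ValueError:
        return anon
    now = int(time.time()) if now is None else int(now)
    if claims.get("exp", 0) < now:
        return anon  # expired: user must log in again
    rec = db.get(claims.get("u"))
    if rec is None:
        return anon  # account removed since the cookie was issued
    return User(claims["u"], rec["roles"])


if __name__ == "__main__":
    # Anonymous reader, then alice logs in, then bob replaces her without a
    # browser restart, then logout drops back to Anonymous.
    for cookie in (None, login(USER_DB, "alice", "correct horse")[1],
                   login(USER_DB, "bob", "battery staple")[1], logout()):
        u = user_from_cookie(USER_DB, cookie)
        print(u.name, "Moderator or Student:", u.has_role(["Moderator", "Student"]))
```

Because the identity lives in a cookie the site controls, switching users is just serving a new Set-Cookie, and logging out is clearing it; with HTTP Basic Authentication the browser keeps re-sending the cached credentials until it is closed, which is the problem the reply points at. The signature and constant-time compare are what keep a visitor from minting a cookie naming another user; in deployment the cookie also needs the Secure and HttpOnly attributes and must only travel over HTTPS, since it is a bearer token.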