[Zope-dev] Redirection and Authentication

Christian Scholz cs@comlounge.net
Tue, 29 Aug 2000 23:36:46 +0200


Hi!

I had a little problem and just wanted to ask if someone knows an explanation..

The goal: 
I want to show a list of newsitems to the user. If an administrator wants
to change it he should be able to log in and see the same list but with edit-
buttons.

The setup is:

/folder/list		    - public accessible dtml method which show the list
/folder/edit		    - protected dtml method

The edit method is protected so that the login requester pops up and asks
for a passwort.
Originally I was simply redirecting back to the list page inside the edit document by

<dtml-call "RESPONSE.redirect('...../list')">

(the only line in the document)

In list I then check for a login with

<dtml-if "REQUEST['AUTHENTICATED_USER'].has_permission('whatever',this())">
.. show edit button here ...
</dtml-if>

The problem is now that after the Redirect AUTHENTICATED_USER is again set to
Anonymous (which I tested by printing AUTHENTICATED_USER). If I do no redirect
but put a normal link back to the list document, everything works as expected
(thus showing the edit button).

So has anyone an explanation? (Version is 2.2.0)
(right now I directly include the list again in the edit document by
using dtml-var. Works for this little thing but I assume this only being
a workaround..)

(I also remember having some strange problems with a redirect from python some
time ago. Back then it did not commit the database transaction in Oracle. After
putting a get_transaction().commit() before the redirect made things work again.)

cheers,
  Christian

-- 
Christian Scholz                                               MrTopf@IRC
COM.lounge                                          http://comlounge.net/
communication & design                                   cs@comlounge.net