[Zope-dev] AUTHENTICATION_USER in standard_error_message cause by NotFound error

Tim Ansell mithro@senet.com.au
Thu, 11 Jan 2001 04:51:12 +1030


Oppps, just realised i've been replying only to myself :)


Umm okay here is the diff, it is from version 2.2.4 but should apply to most
versions....
I have removed all the "print" debugging and cleaned up the formatting.

Could people look it over and tell me if there are any hidden problems with it?
Is it done the right way?

There seems to be a lot of repeated code between zpublisher_exception_hook and
ZPublisher.BaseRequest, maybe you want to put the auth stuff into it's own
function and work that way? Just an idea...

Mithro

> Tim Ansell wrote:
>
> > No further investigation i have found out that the part i really want to
> > modify is
> >
> >  zpublisher_exception_hook, which gets called when the error occurs
> >
> > Inside this functions there is a
> >
> >         if REQUEST.get('AUTHENTICATED_USER', None) is None:
> >             REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
> >
> > which seems to explain why i'm getting the anonymous user for the errors.
> >
> > Is there anyway to add to this function the authentication routines so that
> > is AUTHENTICATED_USER is none it authentication is check with
> > standard_error_message being the object checked against?
> >
> > Am i making any sense?
> >
> > I'm going to give it a go and see what happen...
> >
> > Mithro
> >
> > Tim Ansell wrote:
> >
> > > <newbie alert>
> > >
> > > Hello.
> > >
> > > I've been using zope for a couple of months, i have found zope to be a
> > > great product and thank you for creating it. Currently i have run into a
> > > problem, i need to access the AUTHENTICATED_USER in a
> > > standard_error_message called by notFoundError in BaseRequest.
> > >
> > > I was wondering if the authentication routine can be added before the
> > > authentication routine in BaseRequest? Or if this is not possible it
> > > could be split into a function and and call it before the notFoundError
> > > call as well?
> > >
> > > There are many reasons you might want to do this, i have listed some
> > > below:
> > >
> > > * You want list possible urls the reader could have meant but don't want
> > > to show let Anonymous users see possible privileged urls
> > >
> > > * You want to provided different error messages for different people,
> > > i.e. a more advanced error for coders, a simple error for html writer, a
> > > special error for normal people
> > >
> > > * You wanted errors to only be reported it they where caused by certain
> > > users
> > >
> > > and the list could go on....
> > >
> > > Mithro
> > >
> > > </newbie aler>
> > >
> > > _______________________________________________
> > > Zope-Dev maillist  -  Zope-Dev@zope.org
> > > http://lists.zope.org/mailman/listinfo/zope-dev
> > > **  No cross posts or HTML encoding!  **
> > > (Related lists -
> > >  http://lists.zope.org/mailman/listinfo/zope-announce
> > >  http://lists.zope.org/mailman/listinfo/zope )