[Zope-dev] AUTHENTICATION_USER in standard_error_message cause by NotFound error
Tim Ansell
mithro@senet.com.au
Thu, 11 Jan 2001 18:41:33 +1030
It appears last night I didn't test the diff...
This one should work without any editing...
Mithro
Tim Ansell wrote:
> Forgot to attach the diff....
>
> Forgive me it's 4:52am here....
>
> Mithro
>
> Tim Ansell wrote:
>
> > Oops, just realised I've been replying only to myself :)
> >
> > Umm okay here is the diff, it is from version 2.2.4 but should apply to most
> > versions....
> > I have removed all the "print" debugging and cleaned up the formatting.
> >
> > Could people look it over and tell me if there are any hidden problems with it?
> > Is it done the right way?
> >
> > There seems to be a lot of repeated code between zpublisher_exception_hook and
> > ZPublisher.BaseRequest, maybe you want to put the auth stuff into its own
> > function and work that way? Just an idea...
> >
> > Mithro
> >
> > > Tim Ansell wrote:
> > >
> > > > On further investigation I have found out that the part I really want to
> > > > modify is
> > > >
> > > > zpublisher_exception_hook, which gets called when the error occurs
> > > >
> > > > Inside this function there is a
> > > >
> > > >     if REQUEST.get('AUTHENTICATED_USER', None) is None:
> > > >         REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
> > > >
> > > > which seems to explain why I'm getting the anonymous user for the errors.
> > > >
> > > > Is there any way to add the authentication routines to this function so that
> > > > if AUTHENTICATED_USER is None, authentication is checked with
> > > > standard_error_message being the object checked against?
> > > >
> > > > Am I making any sense?
> > > >
> > > > I'm going to give it a go and see what happens...
> > > >
> > > > Mithro
> > > >
> > > > Tim Ansell wrote:
> > > >
> > > > > <newbie alert>
> > > > >
> > > > > Hello.
> > > > >
> > > > > > I've been using Zope for a couple of months, I have found Zope to be a
> > > > > > great product and thank you for creating it. Currently I have run into a
> > > > > > problem, I need to access the AUTHENTICATED_USER in a
> > > > > > standard_error_message called by notFoundError in BaseRequest.
> > > > > >
> > > > > > I was wondering if the authentication routine can be added before the
> > > > > > authentication routine in BaseRequest? Or if this is not possible it
> > > > > > could be split into a function and called before the notFoundError
> > > > > > call as well?
> > > > >
> > > > > > There are many reasons you might want to do this, I have listed some
> > > > > > below:
> > > > > >
> > > > > > * You want to list possible URLs the reader could have meant but don't want
> > > > > > to let Anonymous users see possible privileged URLs
> > > > > >
> > > > > > * You want to provide different error messages for different people,
> > > > > > i.e. a more advanced error for coders, a simple error for HTML writers, a
> > > > > > special error for normal people
> > > > > >
> > > > > > * You want errors to only be reported if they were caused by certain
> > > > > > users
> > > > >
> > > > > and the list could go on....
> > > > >
> > > > > Mithro
> > > > >
> > > > > > </newbie alert>
> > > > >
> > > > > _______________________________________________
Attachment: SEM_new_auth.diff
--- ./__init__.py.original Wed Jan 10 23:13:53 2001
+++ ./__init__.py Wed Jan 10 23:45:28 2001
@@ -162,6 +162,9 @@
class RequestContainer(ExtensionClass.Base):
def __init__(self,r): self.REQUEST=r
+from ZPublisher.BaseRequest import old_validation
+UNSPECIFIED_ROLES=''
+
def zpublisher_exception_hook(
published, REQUEST, t, v, traceback,
# static
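Review bot: `UNSPECIFIED_ROLES=''` is defined here as a plain empty string, yet the next hunk tests it by identity (`r is not UNSPECIFIED_ROLES`, `roles is UNSPECIFIED_ROLES`), so the outcome depends on string interning, and a client whose `__roles__` happens to be `''` cannot be told apart from one that has no `__roles__` at all. Since `old_validation` is already imported from `ZPublisher.BaseRequest`, import the sentinel from the same place if that module defines one, or use a unique object, rather than redefining it locally. The import also sits between the class and the function; move it up with the module's other imports.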
@@ -208,11 +211,79 @@
break
client=published
+
+ auth=REQUEST._auth
+
+ user=groups=None
+
+ while 1:
+ if REQUEST.get('AUTHENTICATED_USER', None) is None:
+ # Do authentication here....
+ r = getattr(client, '__roles__', UNSPECIFIED_ROLES)
+ if r is not UNSPECIFIED_ROLES:
+ roles = r
+ elif not got:
+ roles = getattr(client, entry_name+'__roles__', roles)
+
+ if roles:
+ if hasattr(client, '__allow_groups__'):
+ groups=client.__allow_groups__
+
+ if hasattr(groups, 'validate'): v=groups.validate
+ else: v=old_validation
+
+ if v is old_validation and roles is UNSPECIFIED_ROLES:
+ print "Validation and UNSEPCIFIED_ROLES is okay"
+ # No roles, so if we have a named group, get roles from
+ # group keys
+ if hasattr(groups,'keys'): roles=groups.keys()
+ else:
+ try: groups=groups()
+ except: pass
+ try: roles=groups.keys()
+ except: pass
+
+ if groups is None:
+ # Public group, hack structures to get it to validate
+ roles=None
+ auth=''
+
+ if v is old_validation:
+ user=old_validation(groups, request, auth, roles)
+ elif roles is UNSPECIFIED_ROLES: user=v(request, auth)
+ else: user=v(REQUEST, auth, roles)
+
+ if hasattr(client, '__allow_groups__') and user == None:
+ groups=client.__allow_groups__
+ if hasattr(groups,'validate'):
+ v=groups.validate
+ else:
+ v=old_validation
+ if v is old_validation:
+ user=old_validation(groups, REQUEST, auth, roles)
+ elif roles is UNSPECIFIED_ROLES:
+ user=v(REQUEST, auth)
+ else:
+ user=v(REQUEST, auth, roles)
+
+ if user is not None:
+ REQUEST['AUTHENTICATED_USER']=user
+
+ try:
+ client=getattr(client, 'aq_parent', None)
+ if client is None: raise
+ except:
+ break
+
while 1:
if getattr(client, 'standard_error_message', None) is not None:
break
- client=getattr(client, 'aq_parent', None)
- if client is None: raise
+ try:
+ client=getattr(client, 'aq_parent', None)
+ if client is None: raise
+ except:
+ break
+
if REQUEST.get('AUTHENTICATED_USER', None) is None:
REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
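Review bot: the new authentication loop walks `client` up the `aq_parent` chain until it is `None`, and the `standard_error_message` loop that follows starts from that same `client`, so it can never find a `standard_error_message`; use a separate variable for the auth walk or reset `client=published` before the second loop. The second loop's `raise` is now swallowed by `except: break`, so a missing `standard_error_message` no longer propagates the original error and execution continues with `client` set to `None`. Inside the auth loop, `v=groups.validate` overwrites the hook's `v` argument (the exception value), `request` is lowercase in `old_validation(groups, request, auth, roles)` and `v(request, auth)` while every other call uses `REQUEST`, a debugging `print` is still present, and `roles`, `got` and `entry_name` are read without being assigned anywhere in the lines shown. The bare `except: pass` around `groups()` and `groups.keys()` also hides failures in code that decides who the user is; catch the specific exceptions expected there.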