[Zope-dev] No more access to username
Beat Rubischon
beat at 0x1b.ch
Fri Feb 3 08:10:54 EST 2006
Hello!
Until Zope 2.8.3 it was possible to access to the name of the logged in
user also in a public accessible method. A thing I used quite often is
hiding links which were not accessible for an anonymous user but show
them in case the user has authenticated itself somewhere else in the site:
<dtml-if "AUTHENTICATED_USER.has_role('Manager')">
| <a href="manage">Manage</a>
</dtml-if>
This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0.
AUTHENTICATED_USER or _.SecurityGetUser().getUserName() is set to
"Anonymous User" as long as the method does not require a login. When a
login is reqired, AUTHENTICATED_USER is filled correctly but a
unpriviledged user is no longer able to access the document.
I'm not sure if I should see this as a bug or a feature and I was not
able to find the change in a diff of the sources. Could you tell me more
about this behavior?
Beat
--
\|/ Beat Rubischon <beat at 0x1b.ch>
( 0^0 ) http://www.0x1b.ch/~beat/
oOO--(_)--OOo---------------------------------------------------
Meine Erlebnisse, Gedanken und Traeume: http://www.0x1b.ch/blog/
More information about the Zope-Dev
mailing list