[Zope] - Setting __bobo_realm__

Jim Fulton jim@Digicool.com
Tue, 08 Dec 1998 19:29:32 +0000


"Christopher G. Petrilli" wrote:
> 
> On Tue, Dec 08, 1998 at 06:53:53PM +0000, Jim Fulton wrote:
> > > OK, this SHOULD be easy :-)
> >
> > It is.
> >
> > > I know that the security realm used for
> > > BasicAuthentication is set using __bobo_realm__ (and BTW, still is) and
> > > defaults to the module name (Main) if nothing is set.
> > >
> > > So, I figured, easy, I'll just add a property to the folder with that
> > > name and away we go... nope, I get an error that properties starting
> > > with '_' are verboten... so, just how does one do this?  You know what
> > > would be neat, is if there were something on the Security page to set
> > > this, just a simple box to fill in! :-)
> >
> > ZPublisher also checks for an environment variable, BOBO_REALM.
> > (In the next release, it will check for Z_REALM first :) and
> > uses it if there is no module-level realm setting.
> 
> Ah, what I'm interested in is doing it INSIDE the GUI, on a folder
> level, not on a "Module" level, or a global level.  For example, if I
> access a folder with its own Userfolder, and authorize on that, then
> want to go to the MAIN /manage screen, I have to reauthorize, which is
> fine, since they both use "Main" as the realm.  BUT when I go BACK to
> the sub folder (above), I'm still running as the "superuser" or
> whatever.

And that's not what you want? :) In general, we prefer that
people who are authorized above should be authorized below.

Do you *really* want subfolders to have different realms, 
or do you just want to be able to "log out"?

If the latter, we find it convenient to have a "logout"
document sitting around:

  <!--#raise Unauthorized-->
     You have logged out<p>
  <!--#/raise-->

If you really want subfolders to have their own realms, 
it probably wouldn't be too hard to
provide a user folder property for the realm
and have the user folder set the necessary response header
when an authorization fails.

Jim

--
Jim Fulton           mailto:jim@digicool.com
Technical Director   (540) 371-6909              Python Powered!
Digital Creations    http://www.digicool.com     http://www.python.org

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list without my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for
repeats.
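
The per-folder realm idea from the last paragraph of the message above, as an added example that is not part of the original post and is not Zope or ZPublisher code: on a failed authorization the nearest folder's realm goes into the WWW-Authenticate header, users defined above stay authorized below, and a logout path always answers Unauthorized. FOLDERS, DEFAULT_REALM, ancestors, realm_for, challenge and handle are hypothetical names, and the folder tree and credentials are constructed sample data.

```python
import base64
import hmac

# Constructed sample tree: path -> (realm property or None, {user: password}).
FOLDERS = {
    "/": ("Main", {"superuser": "s3cret"}),
    "/dept": ("Dept", {"alice": "wonderland"}),
    "/dept/reports": (None, {}),  # no realm of its own: inherits "Dept"
}
DEFAULT_REALM = "Main"  # fallback when no folder on the path sets a realm

def ancestors(path):
    """Yield the folder at `path` and each parent, innermost first."""
    path = "/" + path.strip("/")
    while True:
        yield path
        if path == "/":
            return
        path = path.rsplit("/", 1)[0] or "/"

def realm_for(path):
    """Nearest realm property on the way up from `path`."""
    for folder in ancestors(path):
        realm = FOLDERS.get(folder, (None, {}))[0]
        if realm:
            return realm
    return DEFAULT_REALM

def challenge(path):
    """401 response carrying the realm; quotes are escaped for the header."""
    realm = realm_for(path).replace("\\", "\\\\").replace('"', '\\"')
    return 401, {"WWW-Authenticate": 'Basic realm="%s"' % realm}

def handle(path, authorization=None):
    """Return (status, headers) for a request to `path`."""
    if path.rstrip("/").endswith("/logout"):
        return challenge(path)  # like the logout document: always Unauthorized
    try:
        scheme, _, token = (authorization or "").partition(" ")
        user, _, password = base64.b64decode(token, validate=True).decode().partition(":")
    except ValueError:  # covers bad base64 and undecodable bytes
        return challenge(path)
    if scheme.lower() != "basic":
        return challenge(path)
    # People authorized above are authorized below, so search upward.
    for folder in ancestors(path):
        users = FOLDERS.get(folder, (None, {}))[1]
        if user in users and hmac.compare_digest(users[user].encode(), password.encode()):
            return 200, {}
    return challenge(path)
```

Browsers key cached Basic credentials on the realm string, so a subfolder that answers with a different realm prompts separately from the top-level one.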