[Zope] hiding site content based upon a domain? (similar to htaccess)

Tony McDonald tony.mcdonald@ncl.ac.uk
Fri, 6 Aug 1999 08:47:01 +0100 

At 4:43 pm +0200 5/8/99, Martijn Pieters wrote:
>At 14:44 05/08/99 , Tony McDonald wrote:
>Cheers Martijn,
>>That's really cool, it works well. Problem is I'd like to deny 
>>access to people who aren't in that domain (preferably with a dtml 
>>doc that tells them why). Is there a way of doing this?
>
>Hmm...
>
>Try making a user (anon?) that has an domain spec of *.*.*.*
>Also add a user (deny?) that has the domain spec you want to exclude.
>
>Now you _should_ be able to distinguish between the two in your 
>standard_html_header and redirect deny to a page telling him that 
>access is denied...
>
>If you find that the user anon always matches, try placing it in one 
>the acl_users folder one step up in the hierarchy from the folder 
>you defined deny in.
>
>All of this untested of course =) YMMV.
>
>Let us know if this works!
>

Ok, here's where I'm at:
acl_users folder in the folder I want to protect has some users as 
well as the special user 'ValidUser' who has the domain *.ncl.ac.uk 
and no password. (for testing purposes I've set the domain to be 
nonexistantbox.ncl.ac.uk)

You're right Martijn, in that I needed to put my anonymous user 
(called AnonUser) in the acl_users folder above. That person has 
domain *.*.*.* and no password.

If I attempt to access the folder that has ValidUser (from a machine 
*not* in the correct domain, ie for this example I'm coming in from a 
box that isn't called 'nonexistantbox'), some code in index_html 
tells me that AUTHENTICATED_USER is AnonUser. If I change the 
ValidUser domain to be my machine, AUTHENTICATED_USER is ValidUser. 
Cool.

So, I put some logic at the top of standard_html_header like so:

<!--#if "AUTHENTICATED_USER=='AnonUser'"-->
<!--#call "RESPONSE.redirect('denied')"-->
<!--#/if-->
<html>
<head>
etc etc

And I *still* get the main page showing up  and telling me I'm 
AnonUser (ie the page I get is what I should see if I'm ValidUser).

Does standard_html_header do some other voodoo that isn't plainly obvious?

baffled-ly,
tone.
------
Dr Tony McDonald,  FMCC, Networked Learning Environments Project 
http://nle.ncl.ac.uk/
The Medical School, Newcastle University Tel: +44 191 222 5888
Fingerprint: 3450 876D FA41 B926 D3DD  F8C3 F2D0 C3B9 8B38 18A2