[Zope] newbie question

Martijn Pieters mj@antraciet.nl
Sat, 09 Oct 1999 10:06:04 +0200 

At 01:56 9-10-99 , Dyon Balding wrote:
> > It isn't that easy actually - it's a bit of a fiddle.
> >
> > 1) in the acl_users folder *above* where you want to deny access to,
> > create a user 'AnonUser' with no password and domain = '*.*.*.*'
> > 2) in the acl_users folder where you want access denied to, create a
> > user 'AllowedUser' with no password and domain '*.your.domain'
> > 3) In the standard_html_header in the second folder add some dtml code
> >
> > <dtml-if "_.str(REQUEST['AUTHENTICATED_USER'])=='AnonUser'">
> > <dtml-call "RESPONSE.redirect('denied')">
> > </dtml-if>
> > <html>
> > etc etc
> >
> > and create a DTML method called 'denied' that explains to the person
> > what's going on. *Don't* use standard_html_header in the 'denied'
> > method as you'll get infinite recursion.
> >
> > This is a bit of a faff  - I may well look at Apache rewrite rules to
> > restrict access to a site as a whole.
> >
>
>that's pretty damn convoluted, our site, which i feel would be well
>suited to zope development requires quite a bit of authentication.  we
>are a university department, and currently use an apache ldap module to
>authenticate.  we have sections of the site that need to be limited to
>the department only, and other sections that need to be limited by other
>groups.
>
>zope's authentication for management seems good, but there must be an
>easier way to limit user access.
>
>any pointers?

I think Tony mixed up a tip from me on how to _exclude_ access from a 
certain domain. Zope's access control is very powerful and very simple, but 
if you want to exclude one domain from access you have to twist and wriggle 
a bit. Tony wriggled a bit further in that direction to get 'normal' access 
control.

Normally, you'd define a new Role (like 'Visitor'), that you give the 
permissions that the Anoonymous role normally has, and revoke all Anonymous 
permissions. Then you can assign that role to anyone you want to have 
access. See the Z Content Managers Guide on Zope.org

--
Martijn Pieters, Web Developer
| Antraciet http://www.antraciet.nl
| T: +31 35 7502100 F: +31 35 7502111
| mj@antraciet.nl http://www.antraciet.nl/~mj
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
---------------------------------------------