[Zope] Manual AUTHENTICATED_USER (Re: [Zope] GUF: Generic User Folder)

chas panda@skinnyhippo.com
Sun, 09 Apr 2000 13:44:36 +0900


My apologies for dragging this up from the grave but I kept 
Hung Jung's trick for manually setting AUTHENTICATED_USER 
by hand (see below) b/c I knew it would come in handy.
For most public websites I've worked on, anyone visiting 
the site is either 'authenticated' or 'not authenticated'.  
I don't want to bother with domains/roles or even using 
GUF/userdb etc. I prefer to roll my own code since it 
saves me time further down the line. Setting 
AUTHENTICATED_USER using Hung Jung's method does what I 
need quick and easy. (Much more efficient than using one 
of the products in the long run).

However, I'm afraid I didn't follow the rest of the thread 
after Evan's warning (were there any follow-ups?):

> [setting AUTHENTICATED_USER by hand]
> >
> > Maybe you should make it into a HOWTO. It is really useful.
> 
> I wouldn't recommend it; Changes in the implementation of the authentication
> machinery will break this, probably in the next release.  

Are there any updates or specifics available on that?
Will it affect stuff like UserDB and GUF too?

> Even if that
> weren't true, this trick would be discouraged.  This sort of thing is
> *really* best done at the Python level, in a Product.

Sorry to bother you but why should it be best done at the 
product level if all the product does is what can be done
in one line below?  I find this manual setting very useful.

chas




>(1) Have your own login interface, and use some session
>    management product or cookies to keep track of whether
>    the user has been authenticated by you.
>
>(2) Create additional user-defined roles at the root of
>    your Zope project. (Click on the 'Security' tab of
>    the root folder, and scroll to the bottom.) E.g:
>    'teacher', 'student', 'parent', etc.
>
>(3) Create an acl_users folder at the root of your Zope
>    project. Inside the acl_users folder, add new generic
>    users. E.g: 'GenericTeacher', 'GenericStudent',
>    'GenericParent'. Assign non-trivial passwords to them,
>    of course.
>
>(4) In your standard_html_header or equivalent, you then
>    check against your cookies or session data. If the
>    user is a teacher, then call:
>
>    <dtml-call "REQUEST.set('AUTHENTICATED_USER',
>                acl_users.getUser('GenericTeacher'))">
>
>Voila! Now you can use Zope's security settings to prevent
>people from accessing given folders.
>
>Hung Jung
>
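In steps (1) and (4) of the quoted procedure, the cookie alone decides which generic user the request becomes, so the value read in standard_html_header has to be tamper-evident. The following is an added example, not code from this thread or from Zope: standard-library Python that issues and verifies an HMAC-signed, expiring role cookie and returns the generic user id to hand to acl_users.getUser(). The cookie layout `role|expiry|signature`, `SECRET_KEY`, and the function names `issue_cookie` and `generic_user_for` are assumptions; the role and user names are the ones from the post.

```python
import base64
import hashlib
import hmac
import time

# Assumption: server-side secret that is never sent to the client (constructed value).
SECRET_KEY = b"constructed-demo-key-change-me"

# Roles and generic user ids from steps (2) and (3) of the post.
ROLE_TO_GENERIC_USER = {
    "teacher": "GenericTeacher",
    "student": "GenericStudent",
    "parent": "GenericParent",
}


def _sign(payload: bytes) -> bytes:
    mac = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac)


def issue_cookie(role, ttl_seconds=3600, now=None):
    """Called by your own login code once it has verified the user (step 1)."""
    if role not in ROLE_TO_GENERIC_USER:
        raise ValueError("unknown role")
    expires = int((time.time() if now is None else now) + ttl_seconds)
    payload = f"{role}|{expires}".encode("utf-8")
    return f"{role}|{expires}|{_sign(payload).decode('ascii')}"


def generic_user_for(cookie, now=None):
    """Return the generic user id for a valid cookie, or None (step 4)."""
    if not cookie:
        return None
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    role, expires, sig = parts
    payload = f"{role}|{expires}".encode("utf-8", "replace")
    # Constant-time comparison; checked before any field is trusted.
    if not hmac.compare_digest(sig.encode("utf-8", "replace"), _sign(payload)):
        return None
    if not (expires.isascii() and expires.isdigit()):
        return None
    if int(expires) < (time.time() if now is None else now):
        return None
    # Allow-list lookup: an unknown role never maps to a user.
    return ROLE_TO_GENERIC_USER.get(role)
```

A `None` result means the request stays anonymous; only a non-`None` id should ever reach the `REQUEST.set('AUTHENTICATED_USER', ...)` call.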