[Zope] Struggling with Permissions
Jean Jordaan
Jean@mosaicsoftware.com
Tue, 15 Aug 2000 13:50:57 +0200
Hi all
I've run into something baffling regarding authentication.
For debugging purposes, my standard_html_header tells me:
(I'm <em><dtml-var "AUTHENTICATED_USER.getUserName()"></em> and I have
<em><dtml-var "AUTHENTICATED_USER.getRoles()"></em> role(s).)
When I visit /docs, it tells me:
(I'm Anonymous User and I have Anonymous role(s).)
That's cool. Now I visit:
/docs/manage_addProduct/ccDoc/ccDocClass_factory
via a link from /docs, and I am prompted for username and
password. I add an instance of my ZClass, and am redirected
to /docs:
<dtml-if "AUTHENTICATED_USER.has_role('ContentManager')">
<dtml-comment> njj: Called from the public interface
</dtml-comment>
<dtml-call "RESPONSE.redirect(
DestinationURL+'/index_html')">
<dtml-else>
<dtml-call "RESPONSE.redirect(
DestinationURL+'/manage_workspace')">
</dtml-if>
(this is from ccDocClass_add). When I arrive I *still* see:
(I'm Anonymous User and I have Anonymous role(s).)
Now I edit the URL manually and visit /docs/manage, which
works *without* prompting me for authentication. I edit the
URL back to /docs, and now I see:
(I'm docEditor and I have ContentManager and Manager role(s).)
Also, this doesn't *always* happen. Perhaps it's an IE problem?
Does anyone know exactly how this works?
--
Jean Jordaan -- technical writer --
Mosaic Sofware -- Zope 2.16 on W2K