[Zope] AUTHENTICATED_USER?

Martijn Pieters mj@digicool.com
Mon, 14 Feb 2000 12:52:04 -0500 

From: Guy Davis [mailto:davis@arc.ab.ca]
> Martijn Pieters wrote:
> > 
> > Yes. You can make a new Role, let's call it DomainUser. You 
> give this
> > Role all privileges that the Anonymous Role has, and you revoke all
> > rights from the Anonymous Role.
> > 
> > Now you create a new user, and call this 
> AnonymousDomainUser. This user
> > you give _no_ password, just leave the password fields blank. You do
> > specify the domains however; it is a space separated list of domain
> > specs, where each domain spec can be either a domain name, or an IP
> > address, where wildcards can be used anywhere between the dots. For
> > example: *.zope.org *.digicool.com 192.8.*.* is a valid 
> domain spec. And
> > you also give the user the DomainUser Role.
> > 
> > Now, as soon as a visitor comes to your site from a domain 
> that matches
> > the domain spec, Zope will, without asking for a password, match him
> > against the AnonymousDomainUser User, give him the 
> DomainUser Role, and
> > grant that visitor access.
> > 
> > Anyone from any other domain will be prompted for a username and
> > password.
>
> Thanks for this response.  I saved it for a while but recently got
> around to following your suggestions.  I set this up so that
> AnonymousDomainUser is available at the top level folder.  Then in
> /Projects/TestProject, I have a whole set of other users as 
> there is no
> anonymous access to TestProject.  When some from the right 
> domain brings
> up the root folder, they match to AnonymousDomainUser but 
> when they try
> to bring up TestProject, their username and password are consistently
> rejected.
> 
> If I then go back to the security panel of the root folder 
> and give the
> Anonymous role just the capability to view, they can then 
> login properly
> and access TestProject, but then I have lost the domain filtering on
> anonymous viewers.
> 
> Is there some way to have both anonymous domain-restricted access and
> also certain directories with only authorized-user access?  Thanks.

You should be able too.. Hmmm.

Where is the Role that has access to TestProject defined? And do the
users that should have access to the TestProject Folder have that Role?

Try defining the Role on the Root object, if it is not defined there. If
this helps, there might be a bug here somewhere, although I am not that
versed in the security system yet to be sure.

-- 
Martijn Pieters, Software Engineer 
| Digital Creations http://www.digicool.com 
| Creators of Zope      http://www.zope.org 
| mailto:mj@digicool.com       ICQ: 4532236
| PGP:
http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 
-------------------------------------------