[Zope] AUTHENTICATED_USER?

Martijn Pieters mj@digicool.com
Wed, 12 Jan 2000 19:18:43 -0500 

> -----Original Message-----
> From: Guy Davis [mailto:davis@arc.ab.ca]
> 
> I am trying to disallow anonymous access for all but a handful of
> domains.  This is easy to do with Apache, but how can it be done with
> Zope?
> 
> The only thing I could think of was to have the following in the
> standard_html_header.
> 
> <dtml-if "AUTHENTICATED_USER == 'Anonymous User'" >
>     {if remote address is acceptable}
> 	{show the true page}
>     {else show an error message}
> <dtml-else>
>     {show the true page}
> </dtml-if>
> 
> However the above expression never evaluates to true even when
> <dtml-var AUTHENTICATED_USER> shows 'Anonymous User' on the 
> same page. 
> If I try to use string.find(), Zope complains that 
> AUTHENTICATED_USER is
> a bad arguement.  
> 
> Is there someway to salvage what I'm doing, or better yet is there a
> simpler mechanism to achieve this goal?  Thanks.

Yes. You can make a new Role, let's call it DomainUser. You give this
Role all privileges that the Anonymous Role has, and you revoke all
rights from the Anonymous Role.

Now you create a new user, and call this AnonymousDomainUser. This user
you give _no_ password, just leave the password fields blank. You do
specify the domains however; it is a space separated list of domain
specs, where each domain spec can be either a domain name, or an IP
address, where wildcards can be used anywhere between the dots. For
example: *.zope.org *.digicool.com 192.8.*.* is a valid domain spec. And
you also give the user the DomainUser Role.

Now, as soon as a visitor comes to your site from a domain that matches
the domain spec, Zope will, without asking for a password, match him
against the AnonymousDomainUser User, give him the DomainUser Role, and
grant that visitor access.

Anyone from any other domain will be prompted for a username and
password.

-- 
Martijn Pieters, Software Engineer 
| Digital Creations http://www.digicool.com 
| Creators of Zope      http://www.zope.org 
| mailto:mj@digicool.com       ICQ: 4532236
| PGP:
http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149 
-------------------------------------------