[Zope] Weird permissions problem.
Phil Harris
phil.harris@zope.co.uk
Wed, 18 Apr 2001 16:22:57 +0100
The login page doesn't have to be viewable.
The fact that it isn't viewable triggers the login dialog. Thereby logging
the user in.
This used to work, sometime back, I've noticed a few things like this
recently but since at the time I was using the LoginManager for auth, I
thought it was me doing something wrong. Now I'm not so sure.
In fact I'm not sure of much at the moment, I'm losing my Zen slowly but
surely. Probably a bit of Mad-CowDisease since I'm in UK 8^(.
The question remains, should you be able to get the absolute_url of an
object if the object itself isn't viewable?
TIA
Phil
----- Original Message -----
From: <ghaley@mail.venaca.com>
To: "Phil Harris" <phil.harris@zope.co.uk>
Cc: <zope@zope.org>
Sent: Wednesday, April 18, 2001 4:15 PM
Subject: Re: [Zope] Weird permissions problem.
>
> thinking about the logic of the steps here:
>
> a user comes to your url, and must log in, but if log in will not
> view until the user is authenticated, then the user never has an
> opportunity to log in and become authenticated.
>
> it seems to me that the login page has to be viewable by
> anonymous in order to allow anonymous_user to become authenticated_user.
> everything after the log in would need to have anonymous viewing turned
> off.
>
> or am i missing something here?
>
> ciao!
> greg.
>
> Gregory Haley
> DBA/Web Programmer
> Venaca, LLC.
>
> >
> >
> > Now maybe I'm wrong but shouldn't you be able to get the url of a page
even
> > if you turn off view permissions?
> >
> > Someone please help, I'm getting slightly confused here.
> >
> >