[Zope] Invoking a Protected CMF Method

Mark Snellings msnellings@stellarcomms.com
Thu, 2 Aug 2001 08:44:30 -0400


This is a multi-part message in MIME format.

------=_NextPart_000_000E_01C11B2F.586AED60
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

I've written a DTML Method which builds a user roster and then accesses the
portal_membership record for each of these users to output their email
address.  The method works fine as long as the user is a Portal Manager
since the getMemberById method is protected by permission ManagePortal.

I have an automated process which every so often will invoke the method (via
http request) to retrieve the email addresses of all the portal users.  The
problem is that the method is not working properly because when the http
request is invoked, the request is treat as an anonymous user.  What must I
do get this to work?

I have tried to specify a userid:password on the http request, but Zope is
not using this as the userid for the CMF access.  Is there a way to specify
userid/password in the URL so that I can access the DTML method which as I
said can only be invoked by a Portal Manager.

I've considered adding a non-Protected method to MembershipTool.py, but I
really don't want to be modifying CMF.

Any suggestions?

Thanks
Mark Snellings
Stellar Communications, LLC
msnellings@stellarcomms.com

------=_NextPart_000_000E_01C11B2F.586AED60
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.3207.2500" name=3DGENERATOR></HEAD>
<BODY>
<DIV><FONT size=3D2><SPAN class=3D511363012-02082001>I've written a DTML =
Method=20
which builds a user roster and then accesses the portal_membership =
record for=20
each of these users to output their email address.&nbsp; The method =
works fine=20
as long as the user is a Portal Manager since the getMemberById =
method&nbsp;is=20
protected by permission ManagePortal.</SPAN></FONT></DIV>
<DIV><FONT size=3D2><SPAN =
class=3D511363012-02082001></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2><SPAN class=3D511363012-02082001>I have an automated =
process=20
which every so often will invoke the method (via http request) to =
retrieve the=20
email addresses of all the portal users.&nbsp; The problem is that the =
method is=20
not working properly because when the http request is invoked, the =
request is=20
treat as an anonymous user.&nbsp; What must I do get this to=20
work?</SPAN></FONT></DIV>
<DIV><FONT size=3D2><SPAN =
class=3D511363012-02082001></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2><SPAN class=3D511363012-02082001>I have tried to =
specify a=20
userid:password on the http request, but Zope is not using this as the =
userid=20
for the CMF access.&nbsp; Is there a way to specify userid/password in =
the URL=20
so that I can access the DTML method which as I said can only be invoked =
by a=20
Portal Manager.</SPAN></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D511363012-02082001>I've =
considered=20
adding a non-Protected method to MembershipTool.py, but I really don't =
want to=20
be modifying CMF.</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D511363012-02082001></SPAN></FONT>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D511363012-02082001>Any=20
suggestions?</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN=20
class=3D511363012-02082001><BR>Thanks</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D511363012-02082001>Mark=20
Snellings</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN =
class=3D511363012-02082001>Stellar=20
Communications, LLC</SPAN></FONT></DIV>
<DIV><FONT face=3DArial size=3D2><SPAN class=3D511363012-02082001><A=20
href=3D"mailto:msnellings@stellarcomms.com">msnellings@stellarcomms.com</=
A></SPAN></FONT></DIV></BODY></HTML>

------=_NextPart_000_000E_01C11B2F.586AED60--