[Zope] Re: [Zope-dev] Question

Dieter Maurer dieter@handshake.de
Thu, 16 Aug 2001 19:23:34 +0200 (CEST)


Moved to "zope@zope.org"....

Andre Schubert writes:
 > this works very well, it's so easy to use that I have not seen it.
 > But how can I access AUTHENTICATED_USER in the method called by
 > AccessRule?
Sorry!

Did not think enough....

  You cannot because authentication is only performed at the
  end of traversal (see
    URL:http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html
  for details).

Depending on what authentication scheme you use, you may be able
to decode the elementary authentication information in the
request object and determine the username from that.

  When you use Basic Authentication, you would e.g. base64-decode
  the Authentication header to get the username.

  With cookie authentication, you would ask your UserFolder
  to decode it and give you the user name.

Your AccessRule must probably be an External Method for this
to work, as there is not yet a security context to
do anything protected in Python Script.


Dieter
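
Added example, not part of the original message and not Zope code: a Python 3 sketch of the Basic Authentication decoding described above, as a helper an External Method could call. The function name and sample values are hypothetical, and how the raw credentials header (HTTP `Authorization`) is read from the request object is left to the caller. Because authentication has not run yet at this point in traversal, the returned name is only what the client claims.

```python
import base64
import binascii


def claimed_basic_username(header_value):
    """Return the username claimed in a Basic credentials header, or None.

    UNVERIFIED: the password is never checked here, so the result is what
    the client asserts, not an authenticated identity. Use it for routing
    or logging hints only, never for an access decision.
    """
    if not header_value:
        return None  # anonymous request or cookie-based login
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None  # some other scheme, e.g. Digest
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed base64 from the client
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")  # older clients send Latin-1
    # Only the first colon separates user and password; the password
    # itself may contain further colons.
    username, sep, _password = text.partition(":")
    if not sep or not username:
        return None
    return username


# Constructed sample headers (not captured traffic).
SAMPLE_HEADER = "Basic " + base64.b64encode(b"andre:s3cret:with:colons").decode("ascii")
SAMPLE_NO_COLON = "Basic " + base64.b64encode(b"nocolonhere").decode("ascii")

if __name__ == "__main__":
    for value in (SAMPLE_HEADER, SAMPLE_NO_COLON, "Digest abc", None):
        print(repr(value), "->", claimed_basic_username(value))
```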