[Zope] function to check a user has agreed the TOC

Mike Renfro renfro@tntech.edu
Mon, 20 Aug 2001 08:51:06 -0500


On Sun, Aug 19, 2001 at 06:29:44PM +0100, Norman Khine wrote:

> I would like to create a validation rule for members to check a box
> that they have read the terms and conditions. What will be the
> easiest way to do this in Python or Java validation? Is there any
> advantage / disadvantage to using either?

Here's what we did (for our non-public site, where anyone with access
has a valid username/password combination -- it may not entirely apply
in your situation):

1) The first page all of our users go to is called 'login' -- all it
does is redirect them to the Agreement-check folder:

/login
------

<dtml-var standard_html_header>
  <dtml-call "RESPONSE.redirect('/Agreements/')">
<dtml-var standard_html_footer>

2) In the index_html method of the Agreements folder, we see if
there's an object in the folder that matches their username. That
object's existence determines where we go next: either to the
agreement form, or to a method that takes them to the real site.

/Agreements/index_html
----------------------

<dtml-var standard_html_header>

<dtml-call "REQUEST.set('username',AUTHENTICATED_USER.getUserName())">

<dtml-if "_.hasattr(PARENTS[0], username)">
  <dtml-call "RESPONSE.redirect('/agreed')">
<dtml-else>
  <dtml-call "RESPONSE.redirect('agreement_form')">
</dtml-if>

<dtml-var standard_html_footer>

3a) If they've already agreed to the terms, we take them onto the
regular site.

3b) If they've not already agreed to the terms, we show them the terms
and give them a pair of one-button forms at the bottom, something like:

<form action="agree" method="post">
  <input type="submit" Name="submit" value="I Agree">
</form>

and

<form action="disagree" method="post">
  <input type="submit" Name="disagree" value="I Disagree">
</form>

4) The disagree method is very simple: it just redirects them back to
the publicly-accessible /index_html method. The agree method is a bit
more complicated, but not much. It also needs a manager proxy role
attached to it to do the actual object creation:

<dtml-call "REQUEST.set('username',AUTHENTICATED_USER.getUserName())">
<dtml-call "manage_addFolder(id=username)">
<dtml-call "RESPONSE.redirect('/login')">

All we did was add a folder -- if there's a more secure object to add,
let me know. Then we redirect back to the original /login method and
it's as if they logged in again. They get transparently redirected to
the real site.

Things we'd like to improve:

* fewer redirects -- Netscape/IE users never notice, but it's somewhat
  annoying when I'm working in Lynx.

* there is no second thing.

I suppose if you didn't have authenticated users, you could use the
same logic to check for a cookie on their browser -- we had to allow
for users who wouldn't have exclusive access to their computer
(student labs, etc).

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu
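
An added example, not part of the original message and not Zope code: attribute lookup on a Zope folder also finds the folder's own methods and names acquired from parent folders, so a `hasattr`-style agreement check can succeed for a user who never agreed, while a check against the ids stored directly in the Agreements folder does not. The `Folder` class is a toy stand-in for acquisition, and the usernames `alice`, `bob` and the colliding ones are constructed.

```python
# Toy model of Zope acquisition (constructed for illustration; not Zope code).
class Folder:
    def __init__(self, id, parent=None):
        self.id = id
        self._parent = parent
        self._objects = {}
        if parent is not None:
            parent._objects[id] = self

    def __getattr__(self, name):
        # Runs only when normal lookup fails: try contained objects first,
        # then fall back to the parent folder, as acquisition does.
        if name.startswith('_'):
            raise AttributeError(name)
        if name in self._objects:
            return self._objects[name]
        if self._parent is not None:
            return getattr(self._parent, name)
        raise AttributeError(name)

    def objectIds(self):
        # Ids of objects stored directly in this folder; nothing acquired.
        return list(self._objects)


def build_site():
    """Constructed site layout using the object names from the message."""
    root = Folder('root')
    for name in ('login', 'agreed', 'index_html'):
        Folder(name, root)
    agreements = Folder('Agreements', root)
    Folder('alice', agreements)  # alice has clicked "I Agree"
    return agreements


def has_agreed_hasattr(agreements, username):
    # Same shape as the check in /Agreements/index_html.
    return hasattr(agreements, username)


def has_agreed_contained(agreements, username):
    # Only a marker stored directly in the Agreements folder counts.
    return username in agreements.objectIds()


if __name__ == '__main__':
    site = build_site()
    for user in ('alice', 'bob', 'login', 'objectIds'):
        print(user, has_agreed_hasattr(site, user), has_agreed_contained(site, user))
```

In a real Zope site the direct-containment test corresponds to checking the folder's `objectIds()` rather than calling `hasattr` on the acquisition-wrapped folder.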