[Zope] Assigning a Role Based on IP Address (domain)

[David Legg]

Hi all,

I want to assign a user a role based on their IP address or domain. Looking
through the Zope book this seemed fairly straightforward but I can't get it
to work. The folder I am doing this in is one up from the root level, so I
can then lock things down from this folder up. This is what I did:

1. Created a new role called internalUser
2. Created a new user called anon, but didn't fill in the password fields,
specified the domain as *.mydomain.com and selected the role as
internalUser.
3. Created a DTML document (no security assigned) and did a <dtml-var
"AUTHENTICATED_USER.getRoles()"> to see what role was being assigned.

When I log into the document anonymously it still displays the role as
anonymous - yes I am in the right domain. When I set the security settings
to lock out anonymous but enable internalUser to view the page it still
prompts for a username and password - even though I didn't specify a
password. Looking at the user anon in acl_users the password field is filled
even though I didn't specified password - is this normal? Strangely when I
give this user a password and log in the ip/domain restriction works - there
must be something going amiss somewhere..

The reason why I would like to do it this way is so that I can conditionally
show/hide parts of a page based on this role just to give you some context -
provided it assigns the right role based on domain/ip!

If someone could provide some step by step instructions as to how they did
this (I cannot for the life of me see what I'm missing) and a possible
workaround perhaps using REMOTE_ADDR - I would dearly like to avoid this!

Thank you in advance

David