[Zope] Making sure all users are authenticated

Flynt rhess@bic.ch
Fri, 29 Jun 2001 13:30:11 +0200


Hi David,

comments are inline:


David Goodenough wrote:
> 
> I should preface this question with a little background.  I come from a
> Lotus Domino world where all users are authenticated (not the web
> interface which allows anonymous but the client interface).  I need to
> do something similar in a Zope environment, that is to say that I want
> to be sure that all users have authenticated themselves and that the
> scripts can find out who they are, but I do not want to make them
> Managers or Owners.
> 
> I suppose that the answer to this is to create a new role (say "User")

This approach is okay. At the same time you have to disable the role for
Anonymous. Notice an important difference in the security tabs of the
ZMI (Zope Management Interface): the one in the highest level (root
level) has no column *Acquire permission settings* on the left side,
whereas the security tabs in lower levels have. This column (whether
checked or not) tells you whether you acquire permission settings from
folders above or not. For example, even if for the role *Anonymous* in a
lower level no permission is checked, it nevertheless **has
permissions** (e.g. the view permission), because the *acquire
permission* is checked on the left side and on the root level,
*Anonymous* has been given (checked) this permission.
So, to disable all permissions for role *Anonymous* you have to uncheck
all permissions in the root level. You may see here also the first
simplest approach for the settings of your new *User* role: just give
this role the permissions that usually *Anonymous* holds, uncheck them
for *Anonymous* and give your users this new *User* role you just
created.

> and make sure that all the users are enrolled in that role and then
> only allow users with that role to view the objects that I wish to
> control in this manner.
> 
> I am relatively new to Zope, and have read the manual, but I am none the
> wiser either as to whether this is the right approach, or as to how I go
> about adding such a new role and then how I add such a security filter
> so that only users with this role can access the objects, there only
> seems to be controls for Anonymous, Manager and Owner.
> 
As you don't say which *manual* you have read: a good first entry point
to Zope security is the chapter *Users and Security* in the Zope book
http://www.zope.org/Members/michel/ZB/


Regards,
--- Flynt
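
Added example, not part of the original message and not Zope's own code: a simplified Python model of the acquisition behaviour described in the reply above, showing why *Anonymous* keeps the view permission on a lower folder until it is unchecked at the root level. The names `Folder`, `anonymous_exposure`, `build_site` and `lock_down` are hypothetical, and the folder hierarchy is constructed sample data.

```python
# Simplified model of the ZMI security tab (an assumption, not Zope's code).
class Folder:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.settings = {}  # permission -> (acquire_checked, roles checked here)

    def set_permission(self, permission, roles, acquire=True):
        # The root level has no acquire column: nothing above to acquire from.
        if self.parent is None:
            acquire = False
        self.settings[permission] = (acquire, set(roles))

    def effective_roles(self, permission):
        # An untouched lower level behaves as "acquire checked, no role checked".
        default = (self.parent is not None, set())
        acquire, roles = self.settings.get(permission, default)
        if acquire and self.parent is not None:
            return roles | self.parent.effective_roles(permission)
        return set(roles)

    def path(self):
        if self.parent is None:
            return "/"
        return self.parent.path().rstrip("/") + "/" + self.name


def anonymous_exposure(folders, permissions):
    """Return sorted (path, permission) pairs that Anonymous effectively holds."""
    return sorted((f.path(), p) for f in folders for p in permissions
                  if "Anonymous" in f.effective_roles(p))


def build_site():
    # Constructed sample hierarchy: / -> /app -> /app/reports
    root = Folder("")
    app = Folder("app", root)
    reports = Folder("reports", app)
    root.set_permission("View", ["Anonymous", "Manager"])
    root.set_permission("Access contents information", ["Anonymous", "Manager"])
    app.set_permission("View", [], acquire=True)  # nothing checked, acquire on
    return root, app, reports


def lock_down(root, permissions):
    # Give the new User role what Anonymous held at the root, then uncheck Anonymous.
    for p in permissions:
        _, roles = root.settings[p]
        root.set_permission(p, (roles - {"Anonymous"}) | {"User"})
```

Running `anonymous_exposure` after `lock_down` also flags any lower folder where *Anonymous* was checked locally, since a local setting is not affected by the change at the root.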