[Zope] How do I force authentication?

Tino Wildenhain tino@wildenhain.de
Fri, 23 Mar 2001 12:08:44 +0100


Hi Jerome,

J=E9r=F4me Loisel wrote:
> =

> Hello!
> =

> I am building a few Zope websites. These sites live as subfolders of my=
 root
> zope install, in which I place common code. Those websites will be
> administered by non-technical people, so one of my main coding efforts =
is
> building alternate, easy-to-use admin screens.

Ok, the standard screen might be a bit ugly but you can simplify it =

easy: just define only the permissions you want to give a user +
the right to view the management screens. (do this with globally roles
for simplicity)

This way you would teach your users to use url/manage and login. They
would
automatically see only your defined interface parts.
To archive this, you only have to subclass the zclasses you use in your
site
and add custom methods to them. Tie these methods to special rights.

> =

> I have one snag now. I want a login page which has Zope authenticate
> visitors. I don't want to take them to the real admin screens, I just w=
ant to
> have Zope authenticate them. I initially did this by writing a simple D=
TML
> method, login.html, which is not viewable by anyone with a role other t=
han
> anonymous. That worked fine for a while.

I'm asking me why you are actually calling it login_.html_? What is this
extraneous
supposed to do? Its not neccesary for zope and looks ugly anyway ;)

> That approach fails, however, when the user if defined in an acl_users =
folder
> which is lower in the object hierarchy than the login.html method. And =
that
> is the case for all my sub-site admins.

Zope's acquisition allows to place the login - method in the root and
use it
wherever you go in the site tree. You dont need to copy.

HTH
Tino