[Zope] acl_users access
Chris Keyes
chrisk@nipltd.com
Thu, 15 Nov 2001 17:01:35 +0000
A real hack would be to write a python script (external method??) which
uses urllib to poke your zope and basically submit the forms as if it
was you doing this...(ie create your own posts as if you were the create
user form posting to zope) Not sure how secure this would be? I have
done it from a server process.
There may be a better way though (fingers crossed)
ChrisK
belen@netcom.no wrote:
> Hello,
>
> I am implementing a self registering form for new users to gain access
> to zope. Users should fill in some data and a python Script assigns
> them a password as well as domains and roles. Or what is the same , the
> script creates a new user.
>
> When testing the Python Script I was logged in as me with manager role
> so everything worked fine, but if someone with no previous login wants
> to create a user, he is prompted to provide a login and password.
>
> The problem is that they cannot access the acl_users folder (since they
> are no users and obviously the have no permissions) . What could I do
> to make this work?
>
> Thanks a lot in advance for your help,
>
> Belén
>
> This is the Script:
>
> import string
> from Products.PythonScripts.standard import html_quote
> request = container.REQUEST
> RESPONSE = request.RESPONSE
>
> if context.acl_users.getUser(request.form['name']):
> RESPONSE.redirect('/UserAlreadyExists')
>
> else:
> context.acl_users.manage_users('Add', context.REQUEST)
> context.confirmLoginByMail(request.form['name'], request.form
> ['email'])
> RESPONSE.redirect('/UserHasBeenAdded')
>
>
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )
>
>