[Zope] prevent user aquisition with custom userfolder

Dieter Maurer dieter@handshake.de
Thu, 29 Aug 2002 20:32:17 +0200


zope-mailinglist writes:
 > ...
 > it seems that this can not be done in the userfolder itself -- of course
It can, quite easily.

  Usually, a UserFolder returns "None" when it cannot validate the user,
  *unless* it is the top level UserFolder. The top level user folder
  returns the "Anonymous User", in this case.

  The "None" tells ZPublisher that the use is not yet recognized and
  that it must look further up.

  As you see, your UserFolder just needs to return the
  "Annonymous User" object when it cannot validate.

HOWEVER, be very careful! It is extremely easy to block your
site managers (usually defined in the top level UserFolder) from
entering the subhierarchy under control of your specialized UserFolder.
As soon as you create one (it will probably be empty), only the
Emergency User can do anything in this subhierarchy (until it created
new Managers in this UserFolder)!


Dieter