[Zope] exUserFolder will not redirect to login page

Gaute Amundsen gaute at div.org
Thu Dec 1 16:39:30 EST 2005


Hi all.

I have this problem with our Zope-based CMS system.
No matter what I try, I cannot make the docLogin page appear when it should.
If I go directly to it, it works fine, but otherwise the HTTP auth popup
appears.

I have started looking into exUserFolder, and putting in zLOG.LOG statements 
to try to figure out what is going on.

The best description of what is _supposed_ to be going on I have found is this:
http://www.zope.org/Members/vladap/mysqlUserFolder/release-1.0.5/README
Section -> "Zope authentication process"

When I log just above "if user != None:" in validate at approx. line 1040 in 
exUserFolder.py I get:
 auth: None
 roles: None
 parent index.html
 user: Anonymous User

I get this whether index html allows anonymous or not.
Is this proper behavior?
Where does roles come from? Should not that reflect the roles needed for 
access?

If access is allowed, all the other requests for images and so on have:
 auth: None
 roles: ('Manager', 'Anonymous')
 parent <bound method Image.id of <Image instance at 42aeb650>>
 user: Anonymous User

I think our CMS has modified the permission system somewhat to allow access to 
some specific folders above acl_users, but I have not found those 
changes yet. (And the lead developer is very busy on something else, and doesn't
remember.)
I don't know if this is relevant or not, either..

Anyway, it seems a crucial point must be towards the end of cookie_validate 
after "if not self.sessionTracking" at approx. line 930.
If I override here and set roles = ('Manager'), I get to 
"raise 'LoginRequired'", and it seems like I should end up at 
acl_users/docLogin via docLoginRedirect.dtml, except that I go into a 
redirect loop because of the same override.

Normally "if nobody.allowed(parent, roles):" is true, and "ob" is returned, 
which is 'Anonymous User', even if the file I am accessing is protected.
Should not this be None in the last case?
And if it returns anonymous, then who decides to ask the next acl_user up the 
chain (who only knows HTTP auth)?

How about some way to trace down where roles come from?
Am I on the right track here?
I had a peek in ZPublisher/BaseRequest.py, but that only made me more 
confused..

All confused, and ready to give up now.
Any and all explanations, tips, or good ideas appreciated.

Regards

Gaute Amundsen

-- -----------------------------------------------------------------
  Gaute Amundsen               "Technology today is the campfire
  gaute at div.org               around which we tell our stories.
                                          There's this attraction to light
                                          and to this kind of power, which is
                                           both warm and destructive."

                                               Laurie Anderson
 http://www.div.org
--------------------------------------------------------------------

