[Zope] AUTHENTICATED_USER, and what you can do with it.

Michel Pelletier michel@digicool.com
Tue, 2 Mar 1999 10:54:18 -0500


> -----Original Message-----
> From: Martijn Pieters [mailto:mj@antraciet.nl]
> Sent: Tuesday, March 02, 1999 9:35 AM
> To: JP Glutting; zope@zope.org
> Subject: [Zope] AUTHENTICATED_USER, and what you can do with it.
> 
> 

This is an excellent post.  I want to add that _getPassword() is a handy
function also if you want to use your Zope user to authenticate into an
external system, like POP3 or IMAP.
 
-Michel

> Use <!--#var expr="AUTHENTICATED_USER.getUserName()"-->
> 
> More hints like this can be found in the User.py file in your
> lib/python/AccessControl directory.
> 
> The following functions could be useful:
> 
> getUserName(self): Return the username of a user
> getRoles(self): Return the list of roles assigned to a user. 
> getDomains(self): Return the list of domain restrictions for a user
> allowed(self, parent, roles=None): Check whether the user has access to parent
> hasRole(self, parent, roles=None): Check whether the user has the specified roles
> has_role(self, roles): Check whether the user has the specified roles
> 
> allowed & hasRole are one and the same. When called with parent=None, it
> just returns whether the user has the named roles. has_role also checks for
> roles, but doesn't automatically include the Anonymous role. So,
> hasRole(None, 'Anonymous') always returns true, but has_role('Anonymous')
> returns false for every user that has been authenticated.
> 
> Note that AUTHENTICATED_USER is always defined, also for anonymous access.
> 
> Here is a little example of what you could do with these functions:
> 
> <!--#comment-->Display user info<!--#/comment-->
> You are the user named <!--#var expr="AUTHENTICATED_USER.getUserName()"-->.<P>
> 
> <!--#if "AUTHENTICATED_USER.getRoles()"-->
>   You have the following roles:
> 
>   <!--#in "AUTHENTICATED_USER.getRoles()"-->
>     <LI><!--#var sequence-item-->
>   <!--#/in-->
> <!--#else-->
>   You have no roles defined.
> <!--#/if-->
> <P>
> 
> <!--#if "AUTHENTICATED_USER.getDomains()"-->
>   You are allowed to log in from the following domains:
> 
>   <!--#in "AUTHENTICATED_USER.getDomains()"-->
>     <LI><!--#var sequence-item-->
>   <!--#/in-->
> <!--#else-->
>   You can log in from any domain.
> <!--#/if-->
> <P>
> 
> <!--#if "AUTHENTICATED_USER.has_role(['Manager'])"-->
> You have the 'Manager' role.<BR>
> <!--#/if-->
> 
> <!--#if "AUTHENTICATED_USER.has_role(['Anonymous'])"-->
> You have the 'Anonymous' role. You are therefore an anonymous user.<BR>
> <!--#/if-->
> 
> <!--#if "AUTHENTICATED_USER.has_role(['nonexistent'])"-->
> You have the 'nonexistent' role.<BR>
> <!--#/if-->
> <!--#var standard_html_footer-->
> 
> The last call to has_role is to show that the user defined in the 'access'
> file in the root folder of your Zope installation, has ALL roles, including
> non-existent ones. And even more interesting, the call to getRoles() will
> get you 'manage', a misspelled version of the 'Manager' role. This is
> probably the only way to reliably recognize the superuser.
> 
> 
> --
> M.J. Pieters, Web Developer
> | Antraciet http://www.antraciet.nl
> | Tel: +31-35-6254545 Fax: +31-35-6254555
> | mailto:mj@antraciet.nl http://www.antraciet.nl/~mj
> | PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
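
The role-check behaviour described in the quoted post, written out as an added example that is not part of the original thread and is not Zope's User.py. ModelUser, ModelSuperUser, is_superuser, is_anonymous and classify are hypothetical names, the sample users are constructed, and hasRole is modelled only for the parent=None case the post describes. It shows why a has_role check alone misclassifies the superuser.

```python
# Model of the behaviour described in the post; NOT Zope's own code.
# All class and helper names here are hypothetical.

def _as_list(roles):
    return [roles] if isinstance(roles, str) else list(roles)

class ModelUser:
    def __init__(self, name, roles=()):
        self._name, self._roles = name, tuple(roles)

    def getUserName(self):
        return self._name

    def getRoles(self):
        return self._roles

    def has_role(self, roles):
        # Only roles actually assigned; 'Anonymous' is not implied.
        return any(r in self._roles for r in _as_list(roles))

    def hasRole(self, parent, roles):
        # Modelled for parent=None only: 'Anonymous' is included automatically.
        wanted = _as_list(roles)
        return 'Anonymous' in wanted or self.has_role(wanted)

    allowed = hasRole  # "one and the same", per the post

class ModelSuperUser(ModelUser):
    # The user from the 'access' file: matches every role name,
    # while getRoles() reports only 'manage'.
    def __init__(self, name):
        super().__init__(name, roles=('manage',))

    def has_role(self, roles):
        return True

def is_superuser(user):
    # The post's suggestion: look for 'manage' in getRoles().
    return 'manage' in user.getRoles()

def is_anonymous(user):
    # has_role(['Anonymous']) alone also matches the superuser in this model.
    return user.has_role(['Anonymous']) and not is_superuser(user)

def classify(user):
    if is_superuser(user):
        return 'superuser'
    return 'anonymous' if is_anonymous(user) else 'authenticated'

# Constructed sample users.
ANON = ModelUser('Anonymous User', roles=('Anonymous',))
EDITOR = ModelUser('jp', roles=('Editor',))
ROOT = ModelSuperUser('superuser')
```
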