[Zope-CMF] Forcing skins by role
Dieter Maurer
dieter@handshake.de
Sun, 25 Aug 2002 09:12:16 +0200
Tres Seaver writes:
> > ... setting skins after authentication ...
> > Looks like I'm going to need to go in a different direction.
> > Maybe I can have a method that sets the skin and is always
> > called by my main_template of every skin.
I doubt that this will work (though, I am not sure):
Apparently the skin tool is set up, when the portal object
is "__bobo_traverse__"d
It may not have an effect, when you change the skin variable later.
> ...
> Another alternative would be to create a custom security policy (derived
> from AccessControl.ZopeSecurityPolicy) and arrange to do the skin
> setting from within its 'validate' method. You would then modify your
> startup code (e.g. z2.py) to install your own, custom policy.
I am not sure whether I would like such an approach.
"validate" is called extremely often, for every access from
a protected area. It should be as lightweight as possible
(therefore, it has been recently implemented in "C").
I like the recent proposal to provide an "authentication" hook:
It could provide application specific setup after authentication
as necessary.
Customization of the User Folder would be one way to get such a
hook. But, more flexible (although slower at runtime) would
be to have specialized objects for this purpose.
ZPublisher could look after authentication
for these objects in the same way, it now looks for "acl_users",
and call the first it finds.
Dieter