[Zope-CMF] Please help!!!!: Restrict entering pages to Anonymous users

Ausum Studio ausum_studio@hotmail.com
Mon, 26 Aug 2002 21:54:33 -0500 

This is a tested resume of previous advices on the subject:

1. In the "security" tab of the CMF object's root, disable "View" and
"Access contents information" to anonymous users by unchecking "acquire
permission settings", and checkhing "authenticated" instead.

2. Create a custom version of the "login_form" skin, and carefully remove
all calls to other methods, except those to portal_url, wich are useful to
provide urls to stuff like images and the 'action' attribute within the
'form' tag. This is important as long as those other methods may be calling
new others, thus making it more difficult to manage its security settings.

3.  Go the "security" tab of the login_form skin you just modified and grant
"access contents information" and "View" permissions to Anonymous. Then go
the "Proxy" tab, select "Authenticated", and save changes.

That's all. If you're calling other resources like images, javascripts or
css files, don't forget to enable them as in 3 (without the proxy related
part, because they don't perform anything by itselves). Error messages can
be handled within your custon login_form. You'll find out how  :)


Ausum


----- Original Message -----
From: "Paul Winkler" <pw_lists@slinkp.com>
To: <zope-cmf@zope.org>
Sent: Monday, August 26, 2002 3:41 PM
Subject: Re: [Zope-CMF] Please help!!!!: Restrict entering pages to
Anonymous users


> On Mon, Aug 26, 2002 at 05:29:00PM -0300, mcolli@SyscomCipher.com.ar
wrote:
> > Ok, so How can I do to prevent an anonymous user to access to a page
from a
> > link?
> >
> > If I put it in private status nobody can access...
> >
> > How can I force the login page to appear for especial pages, accesible
only
> > for members?
>
> Pretty basic Zope question... doesn't really have to do with CMF per se...
> Go to the zope management interface. Go to the "Security" tab
> for the objects in question.  Disable View permission for "Anonymous
> User", disable acquisition for "View", and enable View permission
> for Member.
>
> Better: organize your objects in folders such that objects with
> the same permission go in the same folder. Do the above for
> the folder's security settings; then you can leave each object
> in the folder alone, and it will acquire security settings from
> the parent folder.
>
> --
>
> Paul Winkler
> "Welcome to Muppet Labs, where the future is made - today!"
>
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
>
> See http://collector.zope.org/CMF for bug reports and feature requests
>