[Zope-dev] Login/Authentication/Authorization tools wrt SquishDot

Neal Holtz nholtz@DocuWeb.ca
Wed, 25 Aug 1999 09:07:45 -0400 (EDT)


See standard apologies below.

I'm quite interested in using SquishDot as a base for web page support
for university-level courses that I teach.  I like the article-based
discussion groups and the general slashdot-like presentation.  I'm
willing (at this stage) to do whatever Python and DTML programming is
required for the special needs for course pages (there shouldn't be
all that much).

I also like the security model - I can define roles for Instructors,
Teaching Assistants, Registered Students and Anonymous Guests, etc.,
with different rights for each.

A couple of things I need though:

 1. A way to identify in DTML the rights of the current user, so 
    pages can be adapted.  I would like to get the loginId for the
    user, but more important, I think, would be just a way to
    test for various roles.  EG: "is the current user a registered
    student?", etc.

    A Quick reading of Publish.py (in Zope 1.10.3) seems to show all
    the authorization logic deeply bound into method 'publish', and
    it would be nice to have that brought out into a separate method.

 2. A way to import a few hundred userids, passwords, and roles,
    from our own registration databases.  Or would it be better
    to let the webserver authenticate people? - I was going to let
    Zope do it.

 3. A way to have a 'login' link that allows a user to change their
    identities at any time (more useful for me during testing, but I
    would like anyone to be able to view pages anonymously at
    any time, but only have to login when they wish to post an
    unmoderated response to an article.

I haven't seen any obvious way to do any of this.  Did I miss
something?  Is anyone else working on something similar?  If this is
already documented somewhere (if only in Python code), pointers to
that would be just fine.


Standard Apologies:
I'm pretty new to Zope, and I haven't exhaustively searched the mail archives,
so my apologies if its already been covered.  Time is running out, the first
day of classes approaches all too quickly ...
	
I'm a competent programmer, and not afraid to get my hands dirty ...

thanks
neal

-- 
Neal Holtz                             http://www.docuweb.ca/~nholtz
Dept. of Civil and Environmental Engineering,   Carleton University,   
Ottawa, Ontario, Canada K1S 5B6.                   nholtz@docuweb.ca