[Zope-dev] Login/Authentication/Authorization tools wrt SquishDot

Andreas Kostyrka andreas@mtg.co.at
Wed, 25 Aug 1999 15:00:03 +0200 (CEST)


On Wed, 25 Aug 1999, Neal Holtz wrote:

>  1. A way to identify in DTML the rights of the current user, so 
>     pages can be adapted.  I would like to get the loginId for the
>     user, but more important, I think, would be just a way to
>     test for various roles.  EG: "is the current user a registered
>     student?", etc.
has_role, has_permission are methods of the AUTHENTICATED_USER.

>  2. A way to import a few hundred userids, passwords, and roles,
>     from our own registration databases.  Or would it be better
>     to let the webserver authenticate people? - I was going to let
>     Zope do it.
Well, you should then probably write or develop a UserFolder class that
authenticates against your existing databases :)

>  3. A way to have a 'login' link that allows a user to change their
>     identities at any time (more useful for me during testing, but I
>     would like anyone to be able to view pages anonymously at
>     any time, but only have to login when they wish to post an
>     unmoderated response to an article.
Well, a login link is no problem. But changing userid is difficult with
Basic Authentication as is: As long your rights suffice, you have to kill
the browser. If the permissions are not enough, you will be prompted
automatically for a new userid.

> I haven't seen any obvious way to do any of this. Did I miss
> something?  Is anyone else working on something similar?  If this is
> already documented somewhere (if only in Python code), pointers to
> that would be just fine.

Well, just look at the source code :)

Andreas
--
Andreas Kostyrka                     | andreas@mtg.co.at
phone: +43/1/7070750                 | phone: +43/676/4091256   
MTG Handelsges.m.b.H.                | fax:   +43/1/7065299
Raiffeisenstr. 16/9                  | 2320 Zwoelfaxing AUSTRIA