[Zope-dev] AUTHENTICATION_USER in standard_error_message cause by NotFound error

Tim Ansell mithro@senet.com.au
Thu, 11 Jan 2001 04:53:00 +1030



Forgot to attach the diff....

Forgive me it's 4:52am here....

Mithro

Tim Ansell wrote:

> Oops, just realised I've been replying only to myself :)
>
> Umm okay here is the diff, it is from version 2.2.4 but should apply to most
> versions....
> I have removed all the "print" debugging and cleaned up the formatting.
>
> Could people look it over and tell me if there are any hidden problems with it?
> Is it done the right way?
>
> There seems to be a lot of repeated code between zpublisher_exception_hook and
> ZPublisher.BaseRequest, maybe you want to put the auth stuff into its own
> function and work that way? Just an idea...
>
> Mithro
>
> > Tim Ansell wrote:
> >
> > > On further investigation I have found out that the part I really want to
> > > modify is
> > >
> > >  zpublisher_exception_hook, which gets called when the error occurs
> > >
> > > Inside this function there is a
> > >
> > >         if REQUEST.get('AUTHENTICATED_USER', None) is None:
> > >             REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
> > >
> > > which seems to explain why I'm getting the anonymous user for the errors.
> > >
> > > Is there any way to add to this function the authentication routines so that
> > > if AUTHENTICATED_USER is none the authentication is checked with
> > > standard_error_message being the object checked against?
> > >
> > > Am I making any sense?
> > >
> > > I'm going to give it a go and see what happens...
> > >
> > > Mithro
> > >
> > > Tim Ansell wrote:
> > >
> > > > <newbie alert>
> > > >
> > > > Hello.
> > > >
> > > > I've been using Zope for a couple of months, I have found Zope to be a
> > > > great product and thank you for creating it. Currently I have run into a
> > > > problem, I need to access the AUTHENTICATED_USER in a
> > > > standard_error_message called by notFoundError in BaseRequest.
> > > >
> > > > I was wondering if the authentication routine can be added before the
> > > > authentication routine in BaseRequest? Or if this is not possible it
> > > > could be split into a function and called before the notFoundError
> > > > call as well?
> > > >
> > > > There are many reasons you might want to do this, I have listed some
> > > > below:
> > > >
> > > > * You want to list possible URLs the reader could have meant but don't want
> > > > to let Anonymous users see possible privileged URLs
> > > >
> > > > * You want to provide different error messages for different people,
> > > > i.e. a more advanced error for coders, a simple error for HTML writers, a
> > > > special error for normal people
> > > >
> > > > * You want errors to only be reported if they were caused by certain
> > > > users
> > > >
> > > > and the list could go on....
> > > >
> > > > Mithro
> > > >
> > > > </newbie alert>
> > > >
> > > > _______________________________________________
> > > > Zope-Dev maillist  -  Zope-Dev@zope.org
> > > > http://lists.zope.org/mailman/listinfo/zope-dev
> > > > **  No cross posts or HTML encoding!  **
> > > > (Related lists -
> > > >  http://lists.zope.org/mailman/listinfo/zope-announce
> > > >  http://lists.zope.org/mailman/listinfo/zope )

Attachment (inline): SEM_auth.diff

--- ./__init__.py.org	Thu Jan 11 04:39:25 2001
+++ ./__init__.py	Thu Jan 11 04:37:24 2001
@@ -162,6 +162,9 @@
 class RequestContainer(ExtensionClass.Base):
         def __init__(self,r): self.REQUEST=r
 
+from ZPublisher.BaseRequest import old_validation
+UNSPECIFIED_ROLES=''
+
 def zpublisher_exception_hook(
     published, REQUEST, t, v, traceback,
     # static
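
Review bot: `UNSPECIFIED_ROLES=''` is redefined here as a module-level empty string and then used for identity checks further down (`r is not UNSPECIFIED_ROLES`, `roles is UNSPECIFIED_ROLES`), which is fragile: an object whose `__roles__` is itself an empty string may or may not be the same object, so "no roles declared" and "roles declared as empty" can be confused. If ZPublisher.BaseRequest already defines the sentinel this logic was copied from, import it on the same line as `old_validation` so both modules share one object; otherwise use a dedicated marker object. The import also sits between a class and a function; moving it to the module's import block would make the new dependency on ZPublisher.BaseRequest easier to spot.
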
@@ -208,11 +211,79 @@
                 break
 
         client=published
+
+	auth=REQUEST._auth
+
+        user=groups=None
+
+        while 1:
+	    if REQUEST.get('AUTHENTICATED_USER', None) is None:
+                # Do authentication here....
+		r = getattr(client, '__roles__', UNSPECIFIED_ROLES)
+	        if r is not UNSPECIFIED_ROLES:
+                    roles = r
+                elif not got:
+                    roles = getattr(client, entry_name+'__roles__', roles)
+
+                if roles:
+                    if hasattr(client, '__allow_groups__'):
+                        groups=client.__allow_groups__
+                        
+                        if hasattr(groups, 'validate'): v=groups.validate
+                        else: v=old_validation
+                        
+                        if v is old_validation and roles is UNSPECIFIED_ROLES:
+                            print "Validation and UNSEPCIFIED_ROLES is okay"
+                            # No roles, so if we have a named group, get roles from
+                            # group keys
+                            if hasattr(groups,'keys'): roles=groups.keys()
+                            else:
+                                try: groups=groups()
+                                except: pass
+                                try: roles=groups.keys()
+                                except: pass
+                                
+        	                if groups is None:
+	                            # Public group, hack structures to get it to validate
+	                            roles=None
+	                            auth=''
+                                    
+                            if v is old_validation:
+                                user=old_validation(groups, request, auth, roles)
+                	    elif roles is UNSPECIFIED_ROLES: user=v(request, auth)
+    	                    else: user=v(REQUEST, auth, roles)
+
+	                    if hasattr(client, '__allow_groups__') and user == None:
+                                groups=client.__allow_groups__
+                                if hasattr(groups,'validate'):
+                                    v=groups.validate
+                                else:
+                                    v=old_validation
+                                    if v is old_validation:
+                                        user=old_validation(groups, REQUEST, auth, roles)
+                                    elif roles is UNSPECIFIED_ROLES:
+                                        user=v(REQUEST, auth)
+                                    else: 
+                                        user=v(REQUEST, auth, roles)
+                                        
+                if user is not None:
+                    REQUEST['AUTHENTICATED_USER']=user
+
+            try:
+                client=getattr(client, 'aq_parent', None)
+                if client is None: raise
+            except:
+                break
+
         while 1:
             if getattr(client, 'standard_error_message', None) is not None:
                 break
+            try:
             client=getattr(client, 'aq_parent', None)
             if client is None: raise
+            except:
+                break
+
 
         if REQUEST.get('AUTHENTICATED_USER', None) is None:
             REQUEST['AUTHENTICATED_USER']=AccessControl.User.nobody
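
Review bot: the added auth loop assigns `v=groups.validate` and `v=old_validation`, but `v` is already the exception value in the hook's signature (`published, REQUEST, t, v, traceback`), so anything after this loop that reports the error through `v` would get a validation function instead; use a separate local name for the validator. Several other lines in this hunk will fail before that matters: `old_validation(groups, request, auth, roles)` and `v(request, auth)` use lowercase `request`, which is not a name this function receives (it should be `REQUEST`); `roles`, `got` and `entry_name` are read in the `elif not got:` branch without being set anywhere in the visible function; and in the last loop the `try:` is added without re-indenting the two `client=...` lines under it, so the file will not compile. The new lines also mix tabs and spaces, and the `print "Validation and UNSEPCIFIED_ROLES is okay"` line is leftover debugging that the message says was removed. In the `user == None` fallback the validation calls are nested under the `else:` branch, so nothing is called when `groups` has its own `validate`. The bare `raise` with no active exception only reaches `break` because the bare `except:` swallows whatever it throws; `if client is None: break` says the same thing directly. Because this code runs on the error path and decides which user standard_error_message sees, the loop should stop climbing `aq_parent` as soon as a user has been set rather than continuing to the root, and the "Public group" branch that forces `roles=None` and `auth=''` deserves a comment explaining why discarding the supplied credentials there is safe.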
