[Zope-dev] No more access to username

Beat Rubischon beat at 0x1b.ch
Fri Feb 3 08:10:54 EST 2006


Hello!

Until Zope 2.8.3 it was possible to access to the name of the logged in 
user also in a public accessible method. A thing I used quite often is 
hiding links which were not accessible for an anonymous user but show 
them in case the user has authenticated itself somewhere else in the site:

<dtml-if "AUTHENTICATED_USER.has_role('Manager')">
| <a href="manage">Manage</a>
</dtml-if>

This no longer works in Zope 2.8.5 (2.8.4 is untested) and Zope 2.9.0.

AUTHENTICATED_USER or _.SecurityGetUser().getUserName() is set to 
"Anonymous User" as long as the method does not require a login. When a 
login is reqired, AUTHENTICATED_USER is filled correctly but a 
unpriviledged user is no longer able to access the document.

I'm not sure if I should see this as a bug or a feature and I was not 
able to find the change in a diff of the sources. Could you tell me more 
about this behavior?

Beat

-- 
      \|/                           Beat Rubischon <beat at 0x1b.ch>
    ( 0^0 )                             http://www.0x1b.ch/~beat/
oOO--(_)--OOo---------------------------------------------------
Meine Erlebnisse, Gedanken und Traeume: http://www.0x1b.ch/blog/


More information about the Zope-Dev mailing list