[Zope] ZRTChat and authentication - protected folder knowledge?

Jim Washington jwashin@vt.edu
Fri, 24 Dec 1999 13:17:35 +0000


I sent this yesterday and the net was acting weird, and I am pretty sure
it did not really go out, but apologies if you get this twice...

julio dinis wrote:
> 
> Hi Jim, your mission if you accept it... :-)

OK
 
> Right now we are integrating the ZRTChat with other
> classes to achieve our specific goals, and had not already worked a lot on
> the ZRTChat, but as soon as we make new features we post on the list.
> 
> One feature we would like is to force user authentication, to avoid
> duplicate nicks logged at the same time, and with a password to avoid
> another person to use your nickname and then being able to chat on your
> behalf.

The easy answer is to replace the value of the zrtcuser variable where
it shows up in <input type=hidden> in ZRTChatClass.formframe to
something like <dtml-var "_[AUTHENTICATED_USER.GetName()]">, then put
the chat item in a protected folder, and let Zope take care of
authentication.  This would require additional minor modifications to
formframe to get rid of the login and make a different action for the
logout button.

For a general solution, I would probably put a "zrtc_secure_chat"
boolean in the management interface and recode a bit with <dtml-if
zrtc_secure_chat> 

Perhaps this switch is not necessary: Is there an easy way for an object
to
know whether it is in a protected folder?

-- Jim Washington