[Zope] newbie question

Dyon Balding dyon.balding@eng.monash.edu.au
Sat, 09 Oct 1999 09:56:13 +1000


Tony McDonald wrote:
> 
> At 3:25 pm +1000 8/10/99, Terry Kerr wrote:
> >Hi,
> >
> >It is probably really easy, but how do I restrict access to
> >surfers...like the .htaccess does in apache?  I cannot find any
> >documentation on this.
> >
> >terry
> 
> It isn't that easy actually - it's a bit of a fiddle.
> 
> 1) in the acl_users folder *above* where you want to deny access to,
> create a user 'AnonUser' with no password and domain = '*.*.*.*'
> 2) in the acl_users folder where you want access denied to, create a
> user 'AllowedUser' with no password and domain '*.your.domain'
> 3) In the standard_html_header in the second folder add some dtml code
> 
> <dtml-if "_.str(REQUEST['AUTHENTICATED_USER'])=='AnonUser'">
> <dtml-call "RESPONSE.redirect('denied')">
> </dtml-if>
> <html>
> etc etc
> 
> and create a DTML method called 'denied' that explains to the person
> what's going on. *Don't* use standard_html_header in the 'denied'
> method as you'll get infinite recursion.
> 
> This is a bit of a faff  - I may well look at Apache rewrite rules to
> restrict access to a site as a whole.
> 

that's pretty damn convoluted, our site, which i feel would be well
suited to zope development requires quite a bit of authentication.  we
are a university department, and currently use an apache ldap module to
authenticate.  we have sections of the site that need to be limited to
the department only, and other sections that need to be limited by other
groups.

zope's authentication for management seems good, but there must be an
easier way to limit user access.

any pointers?

-d

-- 
Dyon Balding   [titus@dags.cc.monash.edu.au]
         phone: +61 0414992604
Monash University, Melbourne, Australia.