[Zope] Stupid User Access Question

Tony McDonald tony.mcdonald@ncl.ac.uk
Fri, 11 Feb 2000 16:44:47 +0000 

At 10:59 am -0500 11/2/00, James W. Howe wrote:
>I have some confusion over how to build a web site in Zope which 
>allows people to access the site either as a "normal" web site, or 
>to access it for the purpose of maintenance.  An example of this 
>might be something like zope.org.  I can visit www.zope.org and 
>never be prompted for a password.  I can visit all "public" sections 
>without seeing a prompt.  Yet I know that there is a management 
>interface underneath.  How is this handled?  Another thing I would 
>like to do (I think) is establish a "registered" user type.  A 
>registered user would be able to see more content than just the home 
>page.  When an attempt is made to access a "registered user" page by 
>an unregistered user, I want to display a login page rather than a 
>basic auth dialog.  Can I do something like this with a Generic User 
>Folder?
>
>Thanks
>
>James W. Howe				mailto:jwh@allencreek.com

1) There are no stupid questions
2) This may be a stupid answer, as authentication/User Access can get 
sticky....

Basically you add '/manage' to the end of urls. You'll then be 
prompted for a username/password (which is usually be the 
username/password pair in the 'access' file in the Zope directory). 
If additional users are defined in acl_users with the role 'manager' 
then they too can authenticate in this way.

Alternatively, *you* can add restraints to people using the site. 
This is done by turning off  'Acquire Permission Settings' for the 
'View' permission on a file or folder. You then turn on the 
permission for the 'Owner' role. When someone tries to access that 
file, they'll get the standard authentication dialog box pop up. If 
they are in the acl_users folder with role Owner they can get in by 
filling in the boxes.

If you want authentication *in the HTML page itself* you MUST use 
something like UserDB or Generic User Folder, so you're correct 
there. The first one requires access to an SQL database (basically 
you edit the docLogin *property* in the acl_users folder). I have no 
experience with Generic User Folder, but it seems pretty good.

Check out the HowTos for more details James, it's not too difficult 
to get some quite sophisticated permissions setups running under Zope 
(certainly much finer grained than a Unix system for example)!

HTH
Tone (who's 'doing his bit' for getting two answers today! :)
------
Dr Tony McDonald,  FMCC, Networked Learning Environments Project 
http://nle.ncl.ac.uk/
The Medical School, Newcastle University Tel: +44 191 222 5888
Fingerprint: 3450 876D FA41 B926 D3DD  F8C3 F2D0 C3B9 8B38 18A2