[Zope] Embedding authentication in a Zope Website

Chris McDonough chrism@digicool.com
Tue, 20 Jun 2000 11:44:38 -0400 

> Chris,
> 
> Thanks for the speedy reply. I appreciate it.
> 
> The questions I have now is how do you:
> 
>  1) give users the opportunity to log in... where do you actually do
> authentication? is there a url they must point to? should I 
> be calling any
> python functions, or perhaps writing my own dtml methods to 
> aquire their
> credentials?

You protect an object using permissions and roles.  Once they hit an
object that requires authentication, they'll be prompted to log in.  For
example, you might want to create a role named 'Bleah' and assign a
bunch of users to that role.  Then protect a folder 'Foo' by assigning
the 'View' permission to the 'Bleah' role.  When users navigate to
'Foo', they'll be prompted for a login.  If they have the 'Bleah' role,
and they enter the proper username/password combo, they'll be permitted
access.  If they don't have the 'Bleah' role, or if they do not enter a
proper username/password combo, they'll be denied access.

You may also want to check out the new Zope 2.2 release that has
context-sensitive help for most of this stuff via the 'Help' button on
the page.

>  2) how can you seperate your userlists for your web sites 
> from your user
> list for zope administration, especially considering you will probably
> want users to be able to access multiple trees equally?

You don't, a user with management privileges (e.g. the "Manager" role)
is just another user.. it's just that he/she has mangement privileges
while others may not.

> Any advice appreciated. In the meantime, I am looking through 
> as many FAQs
> and HowTos as I can find at the main site.

The help system is good here too.



> > Knight,
> > 
> > The primary way of obtaining the credentials of the 
> currently logged in
> > user is through the AUTHENTICATED_USER attribute of the 
> REQUEST object,
> > ala:
> > 
> > <dtml-unless "REQUEST.AUTHENTICATED_USER.getName() == 'Anonymous'>
> >    Important stuff
> > </dtml-unless>
> >    Unimportant stuff.
> > 
> > You probably don't want to hardcode too much of this stuff 
> into DTML,
> > this is what permissions assigned to objects and roles 
> assigned to users
> > are for.  Read the content manager's guide for more information on
> > permissions and roles.
> > 
> > The subject is a big one.  I'e never used MySQLuserfolder, 
> so I can't
> > give you much info on that in particular.  I assume it operates much
> > like the "basic" user folder that comes 'preinstalled' in 
> the Zope root
> > folder, in which case you'll need to read up on AUTHENTICATED_USER. 
> > Searching the Zope.org site for "AUTHENTICATED" should turn 
> up a bunch
> > of hits (although AUTHENTICATED_USER will probably not because of
> > limitations in our cataloging engine).  The How-tos that you'll find
> > through this search are probably good for this sort of 
> thing as well.
> > 
> > knight wrote:
> > > 
> > > Greetings,
> > > 
> > > Please bear with me, I'm still slightly new to Zope, but 
> I'm pretty up on
> > > the structure, miscellaneous administration, etc. I'm 
> also beginning to do
> > > well with Python development.
> > > 
> > > I wanted to start adding authentication to my site via 
> HTML forms, and I
> > > saw mysqlUserFolder. There aren't any real docs that come 
> with it. More or
> > > less, a README that explains the feature set of the 
> Product is all that it
> > > has.
> > > 
> > > Installing mysqlUserFolder wasn't the problem. The problem is now
> > > dynamically outputting content based upon login 
> information. How do I
> > > manipulate who is logged in? How do I check to see if a 
> user is logged in,
> > > etc? Do I need to read some plain zope authentication 
> docs? If so, please
> > > point me in the right direction.
> > > 
> > > What do I embed in my DTML in order to check for authentication?
> > > 
> > > I really appreciate the help... The Zope documentation is 
> still a little
> > > out of order, and slightly confusing to navigate.
> > > 
> > > Knight
> > > 
> > > _______________________________________________
> > > Zope maillist  -  Zope@zope.org
> > > http://lists.zope.org/mailman/listinfo/zope
> > > **   No cross posts or HTML encoding!  **
> > > (Related lists -
> > >  http://lists.zope.org/mailman/listinfo/zope-announce
> > >  http://lists.zope.org/mailman/listinfo/zope-dev )
> > 
>