[Zope] user roles in standard_error_message

Chris McDonough chrism@digicool.com
Fri, 11 May 2001 08:28:08 -0400

Hi Danny,

I think what you're running into is the fact that if a Zope method
requires no authorization (as per the permission settings of the
method), the security machinery shortcuts and doesn't try to
authenticate.  The user executing the method is always considered to be
the "anonymous user".

One way to fix this would be to add a different standard_error_message
to the folder which contains the members-only area than the one that is
in the root.

Danny William Adair wrote:
> Hi!
> While customizing my standard_error_message, I ran into a little problem:
> Someone with the role "Member" is logged in and tries to access a resource
> that does not exist. Same could happen to someone who doesn't have that
> role (Anonymous). Now I have two different style sheets for members and
> non-members: A member might click on a broken link from within the
> members-only area (having a... pink background), the anonymous user clicked
> the same broken link from a publicly accessible area of the site (having
> a... silver background). I would like to keep the different background
> colors when showing my error message so I put a
> <dtml-if "AUTHENTICATED_USER.has_role('Member')">
> <dtml-var "members_css">
> <dtml-else>
> <dtml-var "public_css">
> </dtml-if>
> in the head section of standard_error_message (these *_css are ZStyleSheets)
> My problem is, that it's always the public_css that will show up.
> So I checked with
> <dtml-var "AUTHENTICATED_USER.getRoles()">
> in both the members area and standard_error_message. To my surprise the
> member role was gone:
> In the members area getRoles() returned
> ('Member',)
> while in standard_error_message ( _.str(error_type)=='NotFound' ) it returned
> ('Anonymous',)
> btw, the role is not really "lost", I can go back to the members area and
> click through members-only pages without problems.
> What's happening?
> This looks like buggy, naughty misbehavior :-), doesn't it?
> tia,
> Danny
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )