[Zope] Getting an authenticated user out of context

Dieter Maurer dieter@handshake.de
Fri, 14 Feb 2003 20:23:13 +0100


Crosbie Fitch wrote at 2003-2-14 09:38 -0000:
 > ...
 > If a browser navigates to the root of my site, they are anonymous (with
 > respect to the top level acl_users).
 > 
 > If they login via a subfolder (having its own acl_users), they are
 > authenticated in that subfolder and lower, etc.
 > 
 > However, if they navigate back to the root, they are again anonymous (in
 > that context), but returning to the subfolder, they are still authenticated.
 > 
 > 
 > Q.1) Is it possible for pages at the root level to obtain the user info with
 > respect to the subfolder's acl_users rather than that of the root's?
Zope authentication happens at the end of traversal, starting
with the object reached during traversal.
It goes back from this object until it finds an "acl_users"
that can authenticate the user with the required permissions.

You may be able to get user information from an "acl_users"
in a deeper hierarchy in a high level object if you access
it through the deeper hierarchy and it requires permissions
not granted in the root "acl_users".
However, I fear it will not work because Zope later explicitly
restricts permissions to objects in the subhierarchy governed
by the authenticating "acl_users" (for security reasons).

An additional problem:

  When you are using HTTP authentication, the browser
  may not even send authentication information to higher
  hierarchy levels than the one you have explicitly logged in to.


I do not have much hope for your wish....


Dieter
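
Added example, not part of the original message and not Zope's own code: a simplified Python model of the lookup described above, in which authentication starts at the object reached by traversal and walks back to the nearest "acl_users" that accepts the user with the required role, and the resulting user is only honoured below that "acl_users". The Folder class, the function names and the sample tree are hypothetical and constructed for illustration.

```python
import hmac

ANONYMOUS = ("Anonymous User", None)

class Folder:
    """Hypothetical stand-in for a Zope container (not Zope's API)."""
    def __init__(self, name, parent=None, acl_users=None):
        self.name, self.parent = name, parent
        # login -> (password, set of roles); None if no acl_users lives here
        self.acl_users = acl_users

    def up(self):
        """Yield this object, then each container up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent

def authenticate(published, credentials, required_role):
    """Start at the object reached by traversal and go back until an
    acl_users accepts the credentials with the required role.
    Returns (login, folder owning that acl_users) or ANONYMOUS."""
    if credentials is None:
        return ANONYMOUS
    login, password = credentials
    for folder in published.up():
        entry = (folder.acl_users or {}).get(login)
        if (entry and hmac.compare_digest(entry[0], password)
                and required_role in entry[1]):
            return (login, folder)
    return ANONYMOUS

def allowed(user, obj):
    """The user counts only for objects in the subhierarchy governed by
    the acl_users that authenticated it."""
    login, owner = user
    return owner is not None and any(node is owner for node in obj.up())

# Constructed sample tree: root and one subfolder, each with its own acl_users.
root = Folder("root", acl_users={"admin": ("root-pw", {"Manager"})})
members = Folder("members", root, acl_users={"crosbie": ("sub-pw", {"Member"})})
page = Folder("page", members)      # object below the subfolder
index = Folder("index_html", root)  # object at the root level
```

In this model the same credentials resolve to a user when the published object is below "members" and to Anonymous when it is at the root, which is the behaviour described in the question.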