[Zope] exUserFolder will not redirect to login page

Gaute Amundsen gaute at div.org
Tue Dec 6 12:03:32 EST 2005


On Saturday 03 December 2005 01:30, Andrew Milton wrote:
> +-------[ Gaute Amundsen ]----------------------
>
> | > Since your index_html and docLogin both seem to require permissions to
> | > view,
> |
> | No, no, and NO again. docLogin does NOT require permission.
> | I can access it without problem. If I could not this would probably be a
> | simple problem, and I would not be posting to the list.
> |
> | > I would check to make sure that your 'header' and 'footer' items
> | > aren't doing something restricted.
> | >
> | > If you're using DTML, then I'd check that standard_html_header and
> | > standard_html_footer.
> | >
> | > Make sure that in addition to the 'View' permission that also the
> | > 'Access Contents information' permissions are set for Anonymous
> | > on headers, footers and docLogin (and index_html if required).
> |
> | I am sorry, but I have been down that path numerous times, and it is all
> | in order.
> |
> | I remove 'view' permission for anonymous from a folder or index.html file
> | way below acl_users, and I get the described problem when I try to access
> | it. I restore that permission, and everything displays properly.
> | If I go to acl_users/docLogin directly, I can log in with cookies, and
> | everything works fine. I believe that neatly eliminates the concerns you
> | raise here.
>
> Not really d8) The primary cause for getting a Basic Auth Pop is because
> your login form is attempting to do something that an Anonymous user
> doesn't have permission to do. 

Hm.. 
so if I have /foo/bar/baf/, and baf/ is protected, but I can 
view /foo/acl_users/docLogin, you think that docLogin still could be trying 
to touch something restricted? 

Upgraded to 0_20_1 now, but still the same behavior.
When I create an index.html inside acl_users it displays without complaint as 
well.
I created a new acl_users from scratch, but no difference.

> There's another acl_users between 
> exUserFolder and the content item (so it's getting the wrong user folder,
> unlikely in this case), or you have an item in  your page, header, or
> footer that is duplicated at a lower level that has permissions missing..

You mean that /foo/bar/baf/index.html refers to /image.jpg which is 
outside /foo/acl_users/ "jurisdiction", and that triggers the Basic Auth Pop, 
after login succeeded and redirected to /foo/bar/baf/index.html?

But if I remove the protection on baf/ and /foo/bar/baf/index.html then does 
not trigger the B.A. pop, how could that be? 
I suppose /image.jpg could be restricted for authenticated users, but not for 
anonymous, but that seems rather farfetched, and would not the error message 
indicate that?

> E.g /a/b/c/docLogin  works fine, but, /a/b/c/d/e/docLogin doesn't because
> something at /a/b/c/d or lower is locked for Anon users, but, isn't at
> /a/b/c

In my terms: that image.jpg exists both at / and at /foo/bar/baf/, and that 
the last one is restricted beyond what I have access to even after having 
been successfully logged in via /foo/acl_users/?

> Does that make sense ?

Sort of :)

"successful login makes acquisition pick up something that is still 
restricted, and this triggers a B.A. pop before anything is displayed"
Is that about it?

Only it is slightly beside the point since my problem is not after login, but 
before. In other words that given /foo/bar/baf/index.html with baf/ 
restricted and the nearest UF at /foo/acl_users/, when I 
try /foo/bar/baf/index.html, I do not get redirected 
to /foo/acl_users/docLogin, but get the B.A. pop.

I suppose something in the redirect part could be triggering the ba pop, sort 
of "on the way" to /foo/acl_users/docLogin.

There is one indication something like this is afoot, and that is that after 
I enabled debug messages after upgrading, the log reports two times in a row:
DEBUG(-200) exUserFolder identify returned None, None
with exactly the same timestamp.

I will look into this now..

> | I was hoping it would be a product that many would be familiar with, and
> | that as such it would be a good reference point to grapple with the more
> | general principles. Nothing beats assistance from the author of course,
> | but please don't insist on treating this as a newbie question :)
>
> Maybe if you saw my INBOX you'd understand d8)

Well, I can imagine :)
These are not easy matters to write clearly and simply about, but I hope this 
is better.

Thanks for your patience :)

G.

-- 
-- -----------------------------------------------------------------
  Gaute Amundsen               "Technology today is the campfire
  gaute at div.org               around which we tell our stories.
                                          There's this attraction to light
                                          and to this kind of power, which is
                                           both warm and destructive."

                                               Laurie Anderson
 http://www.div.org
--------------------------------------------------------------------

