[DM] Post authentication hook
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Invalid
|
Wishlist
|
Unassigned |
Bug Description
2. Introduction
Sometimes, it is useful to check non standard web access permissions at a central place. We use this e.g. in "iDesk" to check license validity on any access to an "iDesk" product -- whether directly to the product itself or to an arbitrary resource inside the product. Another use case it to prevent web access to subhierarchies under some conditions -- e.g. to Redaktionsportal from the external internet.
3. Feature
Check at the end of ZPublisher traversal whether there is a post_authentica
4. Example Use Cases
*
Products.
o to perform license checks
*
An appropriate post_authentica
o
prevent general internet access to Redaktionsportal
5. Notes
* The feature is unsafe in environments where users can create
o objects with arbitrary ids as then the protection can be locally disabled by creating an
object with id post_authentica
* This feature is likely to break for the non acquisition aware
o Zope 3 views. Looks like we must use something else (and implement the iDesk license checks differently).
*
ZPublisher implements a similar feature post_traverse.
o
It can be used to partially emulate the post_authentica
+ the hooks need to be dynamically added on each request.
+ several post traverse hooks may interfere with one another.
* Similar functionality might be implemented with an event and
o local subscriptions. I am unsure about the precise semantics of local subscriptions. Only if subscriptions deeper in the hierarchy can hide corresponding subscriptions higher up, this functionality could be used
to implement post_authentica
Changed in zope2: | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
The zope2 project on Launchpad has been archived at the request of the Zope developers (see https:/ /answers. launchpad. net/launchpad/ +question/ 683589 and https:/ /answers. launchpad. net/launchpad/ +question/ 685285). If this bug is still relevant, please refile it at https:/ /github. com/zopefoundat ion/zope2.