[DM] Refactor the ZPublisher's authentication code into a method to make it usable from the outside.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Invalid
|
Wishlist
|
Unassigned |
Bug Description
2. Introduction
Zope's ZPublisher performs authentication at the end of the traversal.
For some applications, this is too late. An example is the setting of skins based on the user's authentication state (authenticated users see the site differently from unauthenticated users). For other applications, a preliminary check might be important to prevent access to services at the place where this special purpose is set up. An example is our ZopeRpc which wants to protect RPC use with a special permission. ZopeRpc therefore preliminary authenticates the user and checks that he has the required permission.
ZPublisher's authentication code is currently inline and not easily reusable for preliminary authentication.
3. Feature
Put ZPublisher's authentication code into the (new) method ZPublisher.
This allows to easily reuse it for prelimary authentication.
Changed in zope2: | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
The zope2 project on Launchpad has been archived at the request of the Zope developers (see https:/ /answers. launchpad. net/launchpad/ +question/ 683589 and https:/ /answers. launchpad. net/launchpad/ +question/ 685285). If this bug is still relevant, please refile it at https:/ /github. com/zopefoundat ion/zope2.