-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/11/2010 08:21 PM, Laurence Rowe wrote: > I'm currently implementing single sign on across Plone sites but have > run into a bit of an issue with the CookieAuthHelper. > > Unauthorized accesses are redirected to its login_path attribute even > when a user is already logged in. Plone works around this with a > require_login script that traverses to insufficient_privileges (rather > than login_form) when the user is not anonymous. > http://dev.plone.org/plone/browser/Plone/trunk/Products/CMFPlone/skins/plone_login/require_login.py > > I'd like to avoid having two redirects (one to require_login and then > one to the remote login page). > > One option (as suggested in require_login.py) would be to have > CookieAuthHelper traverse rather than redirect to the login_path so > that sites could override the behaviour, though they would then > presumably need to duplicate the functionality currently in > CookieAuthHelper.unauthorized (which I must admit to only barely > understanding...) > http://zope3.pov.lt/trac/browser/Products.PluggableAuthService/trunk/Products/PluggableAuthService/plugins/CookieAuthHelper.py > > Instead, it would seem to make sense to move this functionality login > / insufficient privileges functionality into the CookieAuthHelp > itself. I could add an insufficient_privs_path and redirect there > instead of login_path when a user is already authorized. > > Yet another option would be to let logged in unauthorized to percolate > up and implement that page with an error view. > > Any opinions? I'm leaning towards adding an insufficient_privs_path as > it seems simplest and least invasive. (When not set it would just use > login_path as normal).
Please do this kind of disruptive change in a *new* plugin, perhaps subclassed from the existing one. The whole point of plugins in the first place was to allow for folks with different needs to handle them by replacement. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tsea...@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAky123AACgkQ+gerLs4ltQ7L+wCZASZR/p9/K/0W+/Yski/6nMBp LkQAnj6nCfaq+1oTXK4JRgxvqxpxPE5n =Fh3T -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )