在 zope 中重定向某些角色的简单方法
我的 zope 2 站点中有一个部分在“内容”和站点范围宏之间使用临时宏。 我不想对文件夹应用安全性,但如果用户尝试加载使用该文件夹的页面,我希望临时宏将用户重定向到登录屏幕。
一个例子是这样的:
page_html包含内容,它使用special_template中的宏,然后插入standard_template中的宏。 因此我希望它重定向到登录屏幕。 如果 page_html 没有使用special_template,而是直接进入standard_template(这是网站上大多数页面所做的),我不希望它重定向。
我怎样才能做到这一点?
I have a section of my zope 2 site which uses an interim macro between the 'content' and the site-wide macro. I don't want to apply security to the folder, but I would like the interim macro to redirect users to a login screen if they try to load a page that uses it.
An example of this would be this:
page_html contains the content, it uses the macro in special_template, which then slots into a macro in standard_template. Therefore I want it to redirect to the login screen. If page_html didn't use special_template, but went straight to standard_template (which is what most of the pages on the site do), I would not want it to redirect.
How could I achieve this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
首先,为什么不重组您的站点,将所有这些需要身份验证的页面放在您可以使用 Zope 权限保护的位置呢? 自定义(本地)工作流程可以逐个州和逐个位置地应用权限,从而使用 Zope 自己的自动身份验证框架。 如果您不使用工作流,自定义类型仍然可以应用 URL 空间中低于该类型的任何内容所获取的权限。
您可以创建一个方法(Zope3 视图、皮肤层中的 Python 脚本、采集上下文中内容类的方法、外部方法,按最佳实践的粗略顺序),该方法通过以下方式从special_template 宏中调用: tal:define 语句。 我将在这里将输出分配给一个虚拟变量,因为您不关心它,我们将使用它来消除它的副作用。 以下示例假设您已采用 Z3 视图方式:
这将实例化使用名称
redirect_if_anonymous
注册的视图。 然后,您可以在该视图中使用标准 Zope API 方法或 cookie 测试来测试您的 Web 访问者是否已通过身份验证,具体取决于您的应用程序。 这是一个标准的 API 示例,它将引发 Unauthorized 来强制登录。如果您想要的只是重定向到另一个位置,只需使用response.redirect():
如果您想首先测试cookie,cookie是请求变量的一部分:
First of all, why not restructure your site to put all these pages that require authentication in locations you can protect with Zope permissions? A custom (local) workflow can apply permissions on a state-by-state and location-by-location basis, thus using Zope's own automatic authentication framework. If you don't use a workflow, a custom type can still apply permissions that are acquired by anything below it in URL space.
You can create a method (a Zope3 view, a Python Script in a skin layer, a method on a content class in your acquisition context, an External Method, in rough order of best practices) that is called from your special_template macro by means of a tal:define statement. I'll assign the output to a dummy variable here because you don't care about that, we'll use it for it's side effects. The following example assumes you've gone the Z3 view way:
This will instanciate the view registered with the name
redirect_if_anonymous
. In the view you can then test if your web visitor has been authenticated, using standard Zope API methods or a test for a cookie, depending on your application. Here is a standard API example, it'll raise Unauthorized to force a login.If all you want is a redirect to another location, simply use response.redirect():
If you want to test for cookies first, cookies are part of the request variables: