[Silva-general] https

David Gillies d.gillies at ucl.ac.uk
Tue Nov 10 14:34:03 CET 2009


Hi Andy,

Been working on this on and off for a bit.  Had some partial success.   
I used a __before_publishing_traverse__ function based on SilvaObject  
to test for the required permissions then redirect to https.  This  
causes a double login, first via http then https.  I think I can abort  
the first transaction though.  Is this how you saw this working?

Another issue is the external sources.  They don't work as  
get_extsource_url calls for the absolute_url of the code source which  
is returned with a http address.  The get_rendered_form_for_editor  
request is then an http request and doesn't work in an https page.  Is  
there an easy way round this?

david

On 24 Sep 2009, at 03:30, Andy Altepeter wrote:

> Hi David,
>
> It's been a while, so let me try and summarize:
>
> 1) You are using a zmi-based layout, and want to redirect to https when an
> area of Silva requires authentication.
> 2) you want to redirect to http BEFORE authentication
>
> I don't think that, using the approach I suggested, it is possible to do this
> before authentication.  The reason is that checking this in the layout_macro
> (or such) will always happen AFTER access to the resource is
> authenticated/authorized.
>
> So, if this is an important requirement and you cannot switch to SilvaLayout,
> you may want to consider adding a __before_publishing_traverse__ method to
> SilvaObject.  In this method you can check access as I suggested, and
> redirect to http if needed.  See:
> http://www.zope.org/Documentation/Books/ZDG/current/ObjectPublishing.stx
>
> peace,
> Andy
>
> On Wednesday 19 August 2009 09:15:57 am ccaadgi wrote:
>>>> Hey David,
>>>>
>>>>> Now that I read your use case, you could adapt Bethel's public layout
>>>>> approach by, instead of checking a metadata property, you could check whether
>>>>> the context is available to public unauthenticated users (and if not
>>>>> redirect to https).
>>>>>
>>>>> Note that this approach would work using a ZMI layout as well, you
>>>>> would just do the check at the top of the index_html of your Silva root.
>>>>>
>>>>> Andy
>>>>
>>>> Thanks for that Andy, but how do I go about checking whether the
>>>> context is available to public unauthenticated users?
>>>
>>> The way this setting is presented on the access tab is similar to the
>>> following:
>>>
>>> (this is TAL):
>>> info model/@@get_viewer_role_info;
>>> public info/is_public;
>>>
>>> Calling @@get_viewer_role_info is probably a bit heavy.  This z3 view is
>>> located here: Products/Silva/browser/viewerrole.py (the ViewerRole class).
>>> Looking in it, I see that "is_public" is defined by the following code:
>>>
>>>       viewer_security = IViewerSecurity(self.context.aq_inner)
>>>       selected_role = viewer_security.getMinimumRole()
>>>       is_public = selected_role == 'Anonymous'
>>>
>>>
>>> So in your layout you might want to try (this is Silva 2.1):
>>> from Products.Silva.adapters.interfaces import IViewerSecurity
>>> viewer_security = IViewerSecurity(self.context.aq_inner)
>>> selected_role = viewer_security.getMinimumRole()
>>> is_public = selected_role == 'Anonymous'
>>>
>>> Keep in mind that depending on where this is used, "self.context.aq_inner" may
>>> be something different.  It also doesn't appear that this interface is
>>> importable within RestrictedPython.  So if you are using a ZMI-based layout,
>>> get_viewer_role_info may be your best approach.  Note that you could probably
>>> not call this if you are already on https, so that may save a few compute
>>> cycles.
>>>
>>> peace,
>>> Andy
>>
>> Hi Andy,
>>
>> I've tried to do what you suggested above but I think I must be missing
>> something.  In my layout page template I call a function from the
>> associated class which returns true or false based on whether the page
>> is anonymous or not.  That part works ok.  The problem is that the
>> redirection is happening after the logging in but I would like it to
>> happen before.
>>
>> david
>>
>>>> David
>
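
An added example, not code from this thread or from Silva: a stand-alone Python sketch of the decision a traversal hook like the one discussed above has to make, plus the scheme fix for the code source URL that breaks on an https page. `get_minimum_role` is a hypothetical stand-in for `IViewerSecurity(...).getMinimumRole`, the URLs and the `Viewer` role value are constructed, and it assumes https is reachable on the same host and port as the http URL.

```python
from urllib.parse import urlsplit

ANONYMOUS = "Anonymous"  # role name used by the is_public check quoted in the thread


def to_https(url):
    """Return url with only its scheme changed; host, path and query are kept."""
    return urlsplit(url)._replace(scheme="https").geturl()


def https_redirect_target(request_url, get_minimum_role):
    """Return the https URL to redirect to, or None to let traversal continue.

    get_minimum_role is a zero-argument callable (hypothetical stand-in for the
    adapter call). It is consulted only for plain-http requests, so requests
    already on https skip the lookup and can never be redirected in a loop.
    """
    if urlsplit(request_url).scheme.lower() != "http":
        return None
    if get_minimum_role() == ANONYMOUS:
        return None  # public content is left on http
    return to_https(request_url)


def match_page_scheme(resource_url, page_url):
    """Upgrade an http resource URL when the page embedding it is https.

    Models the external-source problem: an absolute http URL requested from
    an https editor page is blocked as mixed content.
    """
    page_is_https = urlsplit(page_url).scheme.lower() == "https"
    resource_is_http = urlsplit(resource_url).scheme.lower() == "http"
    if page_is_https and resource_is_http:
        return to_https(resource_url)
    return resource_url


if __name__ == "__main__":
    # Constructed sample requests.
    print(https_redirect_target("http://cms.example.org/silva/staff/doc?rev=2",
                                lambda: "Viewer"))
    print(match_page_scheme("http://cms.example.org/silva/service_codesources/cs",
                            "https://cms.example.org/silva/staff/doc/edit"))
```

In a real hook the returned URL would be handed to the response as a redirect before any login challenge is issued; how to abort the first transaction is left open here, as it is in the thread.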



