Forum OpenACS Q&A: What Triggers A User Login

Collapse
1: What Triggers A User Login
Posted by Steve Manning on 03/27/03 11:53 PM
I am creating a package which will have public read and create permissions (The creates will be approved by a user with admin perms before going live). I have mounted the package and set the permissions in the site map for public read and create.

The index page of the package displays fine for the public but my problem is that when the link is clicked to go to the submission form page I get the login page first. I can't figure out what it is that allows the index to display but then triggers the login if another page in the same package is requested.

Help :)

    Steve

Collapse
2: Re: What Triggers A User Login (response to 1)
Posted by Tilmann Singer on 03/28/03 06:09 AM
Normally you would add permission::require_permission calls to the top of the .tcl pages that you want to specifically restrict.

Pages beneath www/admin/ are automatically restricted to users with admin privilege on the package.

Collapse
3: Re: What Triggers A User Login (response to 2)
Posted by Steve Manning on 03/28/03 08:41 AM
My problems actually the other way around - I don't want any restriction to the submission page which is beneath the index. The index has Public rights and I want those rights to be inherited by the submission page so that no login page is thrown when the submission page is requested.

All of the permission stuff I've looked at, including require_permission, relate objects rather than pages but there is no object to reference on this page - its purpose is to create an object. Or am I missing something about objects here?

Steve

Collapse
4: Re: What Triggers A User Login (response to 3)
Posted by Tilmann Singer on 03/28/03 08:48 AM
If you don't have any explicit calls to permission::require_permission, ad_maybe_redirect_for_registration or something similar and you neither placed your submission page under www/admin/ then there shouldn't be a redirect to to the login page and something really spooky is going on.

The rights of such unrestricted pages are not inherited from the index page but should rather be the same for all pages, according to the permissions you set for the package instance in the site-map.

Collapse
5: Re: What Triggers A User Login (response to 4)
Posted by Steve Manning on 03/28/03 09:57 AM
Thanks for that - it was my understanding too and just proves I'm not going mad.

In the site map the url for my package has permissions set for public read and public create so if everything is working and I don't explicitly code the calls you mention I should be able to display the submission page without getting a login.

Two thoughts occur:

1. I have the parameter RestrictEntireServerToRegisteredUsersP set to 0. Are there any known problems with this?

2. I was testing by logging out then calling the index page. Is there anything (other than the session_id cookie which I deleted) which could be triggering the sign-on? The developement machine is behind the firewall otherwise I'd ask someone to try requesting the page to see what they get.

Anything else I can check?

    Steve