Forum OpenACS Q&A: Re: What Triggers A User Login

Collapse
Posted by Tilmann Singer on
Normally you would add permission::require_permission calls to the top of the .tcl pages that you want to specifically restrict.

Pages beneath www/admin/ are automatically restricted to users with admin privilege on the package.

Collapse
Posted by Steve Manning on
My problems actually the other way around - I don't want any restriction to the submission page which is beneath the index. The index has Public rights and I want those rights to be inherited by the submission page so that no login page is thrown when the submission page is requested.

All of the permission stuff I've looked at, including require_permission, relate objects rather than pages but there is no object to reference on this page - its purpose is to create an object. Or am I missing something about objects here?

Steve

Collapse
Posted by Tilmann Singer on
If you don't have any explicit calls to permission::require_permission, ad_maybe_redirect_for_registration or something similar and you neither placed your submission page under www/admin/ then there shouldn't be a redirect to to the login page and something really spooky is going on.

The rights of such unrestricted pages are not inherited from the index page but should rather be the same for all pages, according to the permissions you set for the package instance in the site-map.

Collapse
Posted by Steve Manning on
Thanks for that - it was my understanding too and just proves I'm not going mad.

In the site map the url for my package has permissions set for public read and public create so if everything is working and I don't explicitly code the calls you mention I should be able to display the submission page without getting a login.

Two thoughts occur:

1. I have the parameter RestrictEntireServerToRegisteredUsersP set to 0. Are there any known problems with this?

2. I was testing by logging out then calling the index page. Is there anything (other than the session_id cookie which I deleted) which could be triggering the sign-on? The developement machine is behind the firewall otherwise I'd ask someone to try requesting the page to see what they get.

Anything else I can check?

    Steve