From bf7de644324faa9cfc49454f97be0b1215e78c8f Mon Sep 17 00:00:00 2001 From: Schulz Adrian Date: Wed, 17 Feb 2021 14:36:48 +0100 Subject: [PATCH 1/3] Redirect to nearest public ancestor if page is private. --- Products/AutoUserMakerPASPlugin/auth.py | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/Products/AutoUserMakerPASPlugin/auth.py b/Products/AutoUserMakerPASPlugin/auth.py index 7a3916b..8b0f596 100644 --- a/Products/AutoUserMakerPASPlugin/auth.py +++ b/Products/AutoUserMakerPASPlugin/auth.py @@ -23,6 +23,7 @@ from Products.PluggableAuthService.utils import classImplements from random import choice from ZODB.POSException import ConflictError +from zope.security import checkPermission import itertools import re @@ -268,7 +269,27 @@ def loginUrl(self, currentUrl): def challenge(self, request, response): # Just Start a challenge, if not logged yet if request.getHeader(httpRemoteUserKey, None) == None: - url = self.loginUrl(request.ACTUAL_URL) + url = None + + # try to redirect to a public parent + parents = request.get('PARENTS', []) + + # the first element is the object itself. so we skip that. + if len(parents) > 1: + public_parent = None + + for parent in parents[1:]: + perm = checkPermission('zope2.View', parent) + if perm: + public_parent = parent + break + + if public_parent: + url = '/'.join(public_parent.getPhysicalPath()) + + # redirect to login-view if no parents found. + if not url: + url = self.loginUrl(request.ACTUAL_URL) if url: response.redirect(url, lock=True) return True From 42846d726b5dd6e1f12a09ff9dfdb198688f96c6 Mon Sep 17 00:00:00 2001 From: Schulz Adrian Date: Thu, 18 Feb 2021 13:57:37 +0100 Subject: [PATCH 2/3] Use absolute-url so the redirect-url doesn't include /Plone. --- Products/AutoUserMakerPASPlugin/auth.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Products/AutoUserMakerPASPlugin/auth.py b/Products/AutoUserMakerPASPlugin/auth.py index 8b0f596..099a880 100644 --- a/Products/AutoUserMakerPASPlugin/auth.py +++ b/Products/AutoUserMakerPASPlugin/auth.py @@ -285,7 +285,7 @@ def challenge(self, request, response): break if public_parent: - url = '/'.join(public_parent.getPhysicalPath()) + url = public_parent.absolute_url() # redirect to login-view if no parents found. if not url: From 42548b24e4f1673a452069b62f1fb970cf410397 Mon Sep 17 00:00:00 2001 From: Schulz Adrian Date: Thu, 13 Apr 2023 14:58:27 +0200 Subject: [PATCH 3/3] Redirect to target link if anon_redirect_link is given for the object. --- Products/AutoUserMakerPASPlugin/auth.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/Products/AutoUserMakerPASPlugin/auth.py b/Products/AutoUserMakerPASPlugin/auth.py index 099a880..c8fbc54 100644 --- a/Products/AutoUserMakerPASPlugin/auth.py +++ b/Products/AutoUserMakerPASPlugin/auth.py @@ -278,6 +278,12 @@ def challenge(self, request, response): if len(parents) > 1: public_parent = None + obj = parents[0] + anon_redirect_link = getattr(obj, 'anon_redirect_link', None) + if anon_redirect_link: + response.redirect(anon_redirect_link, lock=True) + return True + for parent in parents[1:]: perm = checkPermission('zope2.View', parent) if perm: