Skip to main content

PAS plugin for adding roles to (anonymous or logged-in) visitors based on their IP address.

Project description

Introduction

The AutoRole plugin allows to assign roles to users from certain subnets.

There is an extraction and authentication plugin included, to enable additional roles for anonymous users. They are required since PAS does not support roles (or properties or groups) for anonymous users. You can disable these interfaces if only logged-in users should get additional roles.

AutoRole furthermore provides a groups plugin interface, allowing you to assign groups instead of roles.

Configuration

The plugin is configured by editing the IP filter and roles property on the plugin’s Properties screen. Each line represents a mapping from IP network to one or more roles. The format is as follows:

ip-address[/mask]: role[, role ...]

If mask bits are omitted, a mask of 32 is assumed.

Proxies

If your Zope server is hosted behind one or more proxies, be sure to list them in the zope.conf file using the trusted-proxy directive. AutoRole depends on Zope’s HTTPRequest to extract the client IP address, and it, in turn, uses the trusted-proxy directive to filter out proxy IP addresses.

RAM Cache

If you have PAS configured with a RAM Cache, you must add REMOTE_ADDR and HTTP_X_FORWARDED_FOR to its REQUEST variables.

Caveat

If you have AutoRole configured for anonymous users and come from a network matching one of its rules, you will NOT be able to log in with an account from a higher-up user folder. This is because AutoRole authenticates the Anonymous User which stops the lookup process.

Credits

Copyright 2006 Norwegian Archive, Library and Museum Authority (http://www.abm-utvikling.no)

Copyright 2008-2009 Jarn AS (http://www.jarn.com)

AutoRole 1.0 development was sponsored by the Norwegian Archive, Library and Museum Authority

License

AutoRole is licensed under the GNU Lesser Generic Public License, version 2.1. The complete license text can be found in file LICENSE.txt.

Changelog

2.1.1 - 2009-05-03

  • AutoRole was of the opinion that 0 was an invalid netmask. It isn’t, it’s perfectly valid and means “everything”. I added support for that. [regebro]

2.1.0 - 2009-05-03

  • Added an Anonymous Only checkbox that makes the plugin add roles only to anonymous users. [regebro]

2.0.1 - 2009-04-06

  • Fire ConfigurationChangedEvent when the ‘ip_roles’ property has changed. [stefan]

2.0 - 2009-03-26

2.0b2 - 2009-03-20

  • Store compiled lookup table persistently so that all threads can see changes right away. [stefan]

2.0b1 - 2009-03-18

  • Change plugin id to ‘auto_role’, meta_type to ‘Auto Role Plugin’. [stefan]

  • Use GS profile instead of Extensions.Install. [stefan]

  • Fix bug in compiler which accepted empty roles. [stefan]

1.1dev-r66205 - 2008-12-01

  • Initial PyPI release

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

Products.AutoRole-2.1.1.zip (29.5 kB view hashes)

Uploaded Source

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page