skip to navigation
skip to content

Not Logged In

Products.AutoRole 2.1.1

PAS plugin for adding roles to (anonymous or logged-in) visitors based on their IP address.

Introduction

The AutoRole plugin allows to assign roles to users from certain subnets.

There is an extraction and authentication plugin included, to enable additional roles for anonymous users. They are required since PAS does not support roles (or properties or groups) for anonymous users. You can disable these interfaces if only logged-in users should get additional roles.

AutoRole furthermore provides a groups plugin interface, allowing you to assign groups instead of roles.

Configuration

The plugin is configured by editing the IP filter and roles property on the plugin's Properties screen. Each line represents a mapping from IP network to one or more roles. The format is as follows:

ip-address[/mask]: role[, role ...]

If mask bits are omitted, a mask of 32 is assumed.

Proxies

If your Zope server is hosted behind one or more proxies, be sure to list them in the zope.conf file using the trusted-proxy directive. AutoRole depends on Zope's HTTPRequest to extract the client IP address, and it, in turn, uses the trusted-proxy directive to filter out proxy IP addresses.

RAM Cache

If you have PAS configured with a RAM Cache, you must add REMOTE_ADDR and HTTP_X_FORWARDED_FOR to its REQUEST variables.

Caveat

If you have AutoRole configured for anonymous users and come from a network matching one of its rules, you will NOT be able to log in with an account from a higher-up user folder. This is because AutoRole authenticates the Anonymous User which stops the lookup process.

Credits

Copyright 2006 Norwegian Archive, Library and Museum Authority (http://www.abm-utvikling.no)

Copyright 2008-2009 Jarn AS (http://www.jarn.com)

AutoRole 1.0 development was sponsored by the Norwegian Archive, Library and Museum Authority

License

AutoRole is licensed under the GNU Lesser Generic Public License, version 2.1. The complete license text can be found in file LICENSE.txt.

Changelog

2.1.1 - 2009-05-03

  • AutoRole was of the opinion that 0 was an invalid netmask. It isn't, it's perfectly valid and means "everything". I added support for that. [regebro]

2.1.0 - 2009-05-03

  • Added an Anonymous Only checkbox that makes the plugin add roles only to anonymous users. [regebro]

2.0.1 - 2009-04-06

  • Fire ConfigurationChangedEvent when the 'ip_roles' property has changed. [stefan]

2.0 - 2009-03-26

2.0b2 - 2009-03-20

  • Store compiled lookup table persistently so that all threads can see changes right away. [stefan]

2.0b1 - 2009-03-18

  • Change plugin id to 'auto_role', meta_type to 'Auto Role Plugin'. [stefan]
  • Use GS profile instead of Extensions.Install. [stefan]
  • Fix bug in compiler which accepted empty roles. [stefan]

1.1dev-r66205 - 2008-12-01

  • Initial PyPI release
 
File Type Py Version Uploaded on Size
Products.AutoRole-2.1.1.zip (md5) Source 2009-06-03 28KB
  • Downloads (All Versions):
  • 21 downloads in the last day
  • 112 downloads in the last week
  • 574 downloads in the last month