PAS plugin for adding roles to (anonymous or logged-in) visitors based on their IP address.
Project description
Introduction
The AutoRole plugin allows to assign roles to users from certain subnets.
There is an extraction and authentication plugin included, to enable additional roles for anonymous users. They are required since PAS does not support roles (or properties or groups) for anonymous users. You can disable these interfaces if only logged-in users should get additional roles.
AutoRole furthermore provides a groups plugin interface, allowing you to assign groups instead of roles.
Configuration
The plugin is configured by editing the IP filter and roles property on the plugin’s Properties screen. Each line represents a mapping from IP network to one or more roles. The format is as follows:
ip-address[/mask]: role[, role ...]
If mask bits are omitted, a mask of 32 is assumed.
Proxies
If your Zope server is hosted behind one or more proxies, be sure to list them in the zope.conf file using the trusted-proxy directive. AutoRole depends on Zope’s HTTPRequest to extract the client IP address, and it, in turn, uses the trusted-proxy directive to filter out proxy IP addresses.
RAM Cache
If you have PAS configured with a RAM Cache, you must add REMOTE_ADDR and HTTP_X_FORWARDED_FOR to its REQUEST variables.
Caveat
If you have AutoRole configured for anonymous users and come from a network matching one of its rules, you will NOT be able to log in with an account from a higher-up user folder. This is because AutoRole authenticates the Anonymous User which stops the lookup process.
Credits
Copyright 2006 Norwegian Archive, Library and Museum Authority (http://www.abm-utvikling.no)
Copyright 2008-2009 Jarn AS (http://www.jarn.com)
AutoRole 1.0 development was sponsored by the Norwegian Archive, Library and Museum Authority
License
AutoRole is licensed under the GNU Lesser Generic Public License, version 2.1. The complete license text can be found in file LICENSE.txt.
Changelog
2.1.1 - 2009-05-03
AutoRole was of the opinion that 0 was an invalid netmask. It isn’t, it’s perfectly valid and means “everything”. I added support for that. [regebro]
2.1.0 - 2009-05-03
Added an Anonymous Only checkbox that makes the plugin add roles only to anonymous users. [regebro]
2.0.1 - 2009-04-06
Fire ConfigurationChangedEvent when the ‘ip_roles’ property has changed. [stefan]
2.0 - 2009-03-26
Remove workaround for https://bugs.launchpad.net/zope2/+bug/143914 which has long since been fixed. [stefan]
2.0b2 - 2009-03-20
Store compiled lookup table persistently so that all threads can see changes right away. [stefan]
2.0b1 - 2009-03-18
Change plugin id to ‘auto_role’, meta_type to ‘Auto Role Plugin’. [stefan]
Use GS profile instead of Extensions.Install. [stefan]
Fix bug in compiler which accepted empty roles. [stefan]
1.1dev-r66205 - 2008-12-01
Initial PyPI release
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.