Disallow access to a Plone site and its children if user is anonymous

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alert from gravatar.com alert Avatar for collective from gravatar.com collective Avatar for ebrehault from gravatar.com ebrehault Avatar for gotcha from gravatar.com gotcha Avatar for ingeniweb from gravatar.com ingeniweb Avatar for jaroel from gravatar.com jaroel Avatar for me.eleddy.com from gravatar.com me.eleddy.com Avatar for tdesvenain from gravatar.com tdesvenain

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GPL
  • Author: Ingeniweb
  • Tags plone , extranet
  • Provides-Extra: test
Classifiers
Report project as malware

Project description

What is iw.rejectanonymous ?

This package is made to reject unconditionnally anonymous users from a Plone site, without any change in your security policy matrix or workflows. They should get redirected by plone to login form. The basic use case is an extranet, where all visitors must be authenticated.

Works with

Plone 3, 4, 5

Installation

Add iw.rejectanonymous to the eggs option of your plone.recipe.zope2instance part

...
[instance]
recipe = plone.recipe.zope2instance
...
eggs =
    ...
    iw.rejectanonymous
    ...
...
# The ZCML slug is no more required with Plone 3.3 and up
zcml =
    ...
    iw.rejectanonymous
    ...

Re-run buildout, then open the “Security” control panel of any Plone site of your instance. A new Private site checkbox lets you (de)activate iw.rejectanonymous.

Customization

iw.rejectanonymous enables the publication of some resources to the anonymous user, more specifically to enable all media and resources required from the standard loging page and the password reset page.

Adding valid ids

If your customized logging page requires some specific images or your site policy component provides a signup page which name is not login_form you may add additional ids (url last part) that are available to anonymous users.

from iw.rejectanonymous import addValidIds
...
addValidIds('some_image.png', 'my_login_form')

Adding valid subparts

If you want to let anonymous users browse the pages of some folders, you need to add valid subparts.

from iw.rejectanonymous import addValidSubparts
...
addValidSubparts('disclaimer', 'public_section')

Adding valid subparts prefixes

If you want to let anonymous users browse the pages of some folders with specific prefixes, you need to add valid subpart prefixes.

from iw.rejectanonymous import addValidSubpartPrefixes
...
addValidSubpartPrefixes('public_')

Hiding viewlets

You may hide viewlets from the views of the site (login form, password reset form). You need for this to add such lines in your site policy ZCML.

<browser:viewlet
  name="original.viewlet.name"
  for="iw.rejectanonymous.IPrivateSite"
  manager="original.viewlet.manager.Interface"
  class="original.viewlet.Class"
  permission="cmf.SetOwnProperties"
/>
name

Keep the original viewlet name.

for

iw.rejectanonymous.IPrivateSite the marker interface set to private sites

manager

Keep the original manager

class

Keep the original viewlet class

permission

Choose a permission that is not granted to an anonymous user but to anyone else. cmf.SetOwnProperties is a good choice if your site has the standard security policy.

See how we hide the plone.personal_bar and the plone.searchbox in the configure.zcml of this component.

Contributors

  • Bertrand Mathieu

  • Thomas Desvenain

  • Gilles Lenfant

  • Elisabeth Leddy

Changes log

1.2.8 (2026-04-17)

  • Add login views to valid_ids

1.2.7 (2023-05-08)

  • Add ++webresource++ and ++plone++ to valid_subpart_prefixes (Plone 6) [mamico]

1.2.6 (2022-05-11)

  • Add @@ok to valid_ids [ale-rt]

  • Add custom.css to valid_ids (needed since Plone 5.2.2) [ale-rt]

  • Add ++unique++ to valid_subpart_prefixes (needed since Plone 5) [ale-rt]

  • Remove pdb [mpeeters]

1.2.5 (2019-10-18)

  • Add less-variables.js to valid ids for Plone 5.2 compliance. Update classifiers [thomasdesvenain]

1.2.4 (2019-05-21)

  • If plone.restapi is available, add auth related endpoints to valid ids. [thomasdesvenain]

  • Compliancy with plone.rest: allow anonymous OPTIONS requests [ebrehault]

1.2.3 (2014-04-30)

  • Modified coding style of getPortalLogoId function. [vincentfretin]

  • Make iw.rejectanonymous work in tests [jaroel]

1.2.2 (2012-08-21)

  • 4.2.1 Compatibility. [thomasdesvenain]

1.2.1 (2012-08-16)

  • Include cmf permissions zcml. [thomasdesvenain]

1.2 (2012/5/16)

  • ZCML duplicate viewlet setting [eleddy]

  • Typos in README.rst [glenfant]

  • Version in setup.py was a float [glenfant]

1.1 (2012/5/12)

  • Added doc for customization [glenfant]

  • Re enabled tests [glenfant]

  • Disabled some viewlets to anonymous and added doc for customization. See https://github.com/collective/iw.rejectanonymous/issues/1 [glenfant]

  • Added valid subpart prefixes such iw.rejectanonymous does not conflict with plone.app.theming (Diazo) [glenfant]

  • Enable portal_kss subparts. [thomasdesvenain]

  • In plone 4, use of base_properties is sketchy and likely incompat. Catch error if needed and use better default for logo. [eleddy]

1.0.2 (2010-12-27)

  • z3c.autoinclude awareness added so the ZCML slug does not need to be explicitely added in buildout *.cfg. [glenfant]

  • Add customization utilities and doc (add new enabled ids and subpaths) [glenfant]

  • Enable favicon. [thomasdesvenain]

1.0.1 - 2010-10-08

  • Enable password reset system. [thomasdesvenain]

1.0.0 - 2008-02-11

  • Initial release [bmathieu]

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for alert from gravatar.com alert Avatar for collective from gravatar.com collective Avatar for ebrehault from gravatar.com ebrehault Avatar for gotcha from gravatar.com gotcha Avatar for ingeniweb from gravatar.com ingeniweb Avatar for jaroel from gravatar.com jaroel Avatar for me.eleddy.com from gravatar.com me.eleddy.com Avatar for tdesvenain from gravatar.com tdesvenain

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: GPL
  • Author: Ingeniweb
  • Tags plone , extranet
  • Provides-Extra: test
Classifiers

Release history Release notifications | RSS feed

This version

1.2.8

1.2.7

1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2

1.1

1.0.2

1.0.1

1.0.0

1.0.1dev-r145758 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

iw_rejectanonymous-1.2.8.tar.gz (12.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

iw_rejectanonymous-1.2.8-py3-none-any.whl (12.9 kB view details)

Uploaded Python 3

File details

Details for the file iw_rejectanonymous-1.2.8.tar.gz.

File metadata

  • Download URL: iw_rejectanonymous-1.2.8.tar.gz
  • Upload date:
  • Size: 12.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.1.0 CPython/3.13.7

File hashes

Hashes for iw_rejectanonymous-1.2.8.tar.gz
Algorithm Hash digest
SHA256 5c67c56115e64bbfb7bd5b7c4a91a4d9f992bb0f0d798722af81b369bb6fbe0b
MD5 96f340bae884c264eab006b79dc5b205
BLAKE2b-256 86fc3eaea34361cf3e1cc1bf2a3af5772c2b48090fe9d18852d19f443bedfd25

See more details on using hashes here.

File details

Details for the file iw_rejectanonymous-1.2.8-py3-none-any.whl.

File metadata

File hashes

Hashes for iw_rejectanonymous-1.2.8-py3-none-any.whl
Algorithm Hash digest
SHA256 a55ac18d9fbf399cc3317e1828cc93b16d751b289ca9cbe86bdb6b71ea1bf866
MD5 09a4b1aa3059f90839df0bc7c3e89257
BLAKE2b-256 7a885ffcbd3bb6b0a52c4e693b859ae449846b8fbb5e8bdbb6d585028aaa395f

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page