You are here:   » Home » Documentation » Details » How-To » Access rights » Intranet Password

Letting the subscriber password be changed independently at website / in the Intranet

Author: Dr. Frank Hoffmann (für UDK-Berlin), 2005/11/18

The Subsriber role (ZMSSubscriber) does not get into the ZMS editing interface and therefore primarily does not have the possibility to change the own password. This can be mediated through a DTML method, authorized for this via a Zope proxyrole as "Manager".

Download

Zoom (37KB)

1. Applying a subscriber "zmstest" in the ZMI

Zoom (25KB)

2. Subscriber logs in with his password to the protected website

Zoom (32KB)

3. Subscriber changes his password per popup window that appears after click on his name (here stored in the template pageelement_Copyright).

Zoom (23KB)

4. The DTML method, which generates the interface for the password popup as well as it takes over the re-writing of the new user parameter, requires the Zope proxyrole "Manager". That way the subscriber may indirectly access these change options.

Information about the DTML code


The ZMS user attributes are processed with the API functions from module _accessmanager.py.
1. Reading with AccessManager.getUserAttr:
getUserAttr(self, user, name, default, flag=0)
2. Writing with AccessManager.setUserAttr:
setUserAttr(self, user, name, value)

The following code from "manage_login" shows the clip with which the re-writing of password and e-mail address happens; since users are stored in the standard acl_users-object of Zope, data should be synchronized with its object contents (therefore the double re-writing).

.....
<dtml-if "REQUEST.get('btn')==getLangStr('BTN_CHANGE',manage_lang)">
  <dtml-call "setUserAttr(userObj,'email',email)">
  <dtml-call "setUserAttr(userObj,'password',password)">

  <dtml-call expr="REQUEST.set('name',AUTHENTICATED_USER.getUserName())">
  <dtml-call expr="REQUEST.set('password',password)"> 
  <dtml-call expr="REQUEST.set('confirm',confirm)">
  <dtml-call expr="acl_users.manage_users('Change',REQUEST)">

  <script language="JavaScript">
    <!--
      window.close();
      alert('Ihre Daten wurden modifiziert;\nSie werden nun 
      zum erneuten Login aufgefordert.');
      self.opener.location.reload();
      -->
  </script>
</dtml-if>
.....

Integration in the ZMS templates

In the template pageelement_Copyright one can insert e.g. the following line which causes the popup per Javascript; the popup function open_function() is a standard function delivered with the ZMS-typical 'headScript' template:

<dtml-var "getLangStr('YOU_ARE',manage_lang)"> angemeldet als: 
 <a href="javascript:open_function('manage_login?lang=<dtml-var 
 lang>&amp;manage_lang=<dtml-var manage_lang>',440,220,',resizable=yes,scrollbars=yes')" 
 class="zmiBottom"><b><dtml-var "string_maxlen(_.str(AUTHENTICATED_USER),15)"></b></a>
 
Screenshots
Summary
Software
Application
Object Model
Meta information
Content vs. design
Templates
Roles/workflow
Website planning
Features
Archive
Health Care
Organisations
Economics
ZMS 2.11
Installation Win32
Installation Linux
Release Notes 2.11
Release Notes 2.10
Release Notes 2.9
Release Notes 2.8
Release Notes 2.3
Release Notes 2.2
Release Notes 2.1
Release Notes 2.0
Release Notes 1.3
BSD licence
Update Service
Consulting
Service Provider
ZMS modules
CMS Modelling
Contact
Training
Certificate
Workshops
Coachings
How-To
ZMS API
Literature
Resources