From c029cb23560a276b13f84717209bed7436ca2ad4 Mon Sep 17 00:00:00 2001
From: Helmut Merz <helmutm@cy55.de>
Date: Mon, 19 Oct 2015 16:26:41 +0200
Subject: [PATCH] provide login.html as concept view (for use with a query), +
 a similar unauthorized view

---
 browser/auth.py        | 36 +++++++++++++++++++++++++++++++++---
 browser/configure.zcml | 10 ++++++++++
 2 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/browser/auth.py b/browser/auth.py
index 71d9dd9..972eb36 100644
--- a/browser/auth.py
+++ b/browser/auth.py
@@ -1,5 +1,5 @@
 #
-#  Copyright (c) 2011 Helmut Merz helmutm@cy55.de
+#  Copyright (c) 2015 Helmut Merz helmutm@cy55.de
 #
 #  This program is free software; you can redistribute it and/or modify
 #  it under the terms of the GNU General Public License as published by
@@ -17,7 +17,7 @@
 #
 
 """
-$Id$
+Login, logout, unauthorized stuff.
 """
 
 from zope.app.security.interfaces import IAuthentication
@@ -25,14 +25,27 @@ from zope.app.security.interfaces import ILogout, IUnauthenticatedPrincipal
 from zope import component
 from zope.interface import implements
 
+from loops.browser.concept import ConceptView
 from loops.browser.node import NodeView
 from zope.app.pagetemplate import ViewPageTemplateFile
 from zope.cachedescriptors.property import Lazy
 
 
+template = ViewPageTemplateFile('auth.pt')
+
+
+class LoginConcept(ConceptView):
+
+    template = template
+
+    @Lazy
+    def macro(self):
+        return self.template.macros['login_form']
+
+
 class LoginForm(NodeView):
 
-    template = ViewPageTemplateFile('auth.pt')
+    template = template
 
     @Lazy
     def macro(self):
@@ -59,3 +72,20 @@ class Logout(object):
         return self.request.response.redirect(nextUrl)
 
 
+class Unauthorized(ConceptView):
+
+    isTopLevel = True
+
+    def __init__(self, context, request):
+        self.context = context
+        self.request = request
+
+    def __call__(self):
+        response = self.request.response
+        response.setStatus(403)
+        # make sure that squid does not keep the response in the cache
+        response.setHeader('Expires', 'Mon, 26 Jul 1997 05:00:00 GMT')
+        response.setHeader('Cache-Control', 'no-store, no-cache, must-revalidate')
+        response.setHeader('Pragma', 'no-cache')
+        url = self.nodeView.topMenu.url
+        response.redirect(url + '/unauthorized')
diff --git a/browser/configure.zcml b/browser/configure.zcml
index 311b87b..7d1713d 100644
--- a/browser/configure.zcml
+++ b/browser/configure.zcml
@@ -44,6 +44,8 @@
         class="loops.browser.auth.Logout"
         permission="zope.View" />
 
+  <!-- see also view/adapter "login.html" in section "query views" -->
+
   <!-- macros -->
 
   <page
@@ -537,6 +539,14 @@
 
   <!-- query views -->
 
+  <zope:adapter
+      name="login.html"
+      for="loops.interfaces.IConcept
+           zope.publisher.interfaces.browser.IBrowserRequest"
+      provides="zope.interface.Interface"
+      factory="loops.browser.auth.LoginConcept"
+      permission="zope.View" />
+
   <zope:adapter
       name="list_children.html"
       for="loops.interfaces.IConcept