On Wed, 27 Oct 1999, John Fohrman wrote:
1. Role Inheritance: Currently, the permissions associated with "Role A" and "Role B" can be assigned to a single user. However, they can't be assigned to "Role C" (ideally along with additional permissions).
You can't do exactly what you ask, and I doubt Zope could be easily hacked into shape to do it since the security is a fundamental part rather than tacked on top. There are plenty of ways to work around this though. I'm pulling my assigned roles from a central RDBMS which ensures that everyone who is 'Technical Staff' is also 'Helpdesk', 'Staff' and 'Default'. As the roles are retrieved from your authentication system, if the simple one Zope ships with doesn't meet your requirements, you can enhance it with whatever intelligence you require.
2. Timeout: If I walk away from my computer while using Zope, and return an hour later, someone could use Zope without my permission. With a timeout, I could say "log me off if you haven't heard from me in (specified number of) minutes."
This is handled by the authentication implementation you are using. The default (read: ships with Zope) uses HTTP Basic Authentication, which means it works with just about every browser and proxy server, but can't. Other UserFolders can handle this any way they want (cookies, whatever). I'll probably end up with this functionality in the generic one I'm writing, and the Zope architecture allows you the flexibility to write your own.

 ___
   // Zen (alias Stuart Bishop)      Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist   Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT     WWW: http://www.cs.rmit.edu.au/~zen
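The central-role-store workaround described in the reply above, as an added example that is not part of the original message and not the author's actual setup: the role hierarchy lives in the database, and the authentication layer asks for a user's effective roles. The schema, the usernames and the chain-shaped hierarchy are assumptions (only the four role names come from the message), and SQLite stands in for the central RDBMS.

```python
import sqlite3


def build_demo_db():
    """Constructed stand-in for the central RDBMS (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE role_implies (role TEXT, implied TEXT);
        CREATE TABLE user_role (username TEXT, role TEXT);
        -- Assumed hierarchy: each role implies the next one down.
        INSERT INTO role_implies VALUES
            ('Technical Staff', 'Helpdesk'),
            ('Helpdesk', 'Staff'),
            ('Staff', 'Default');
        -- Constructed users, each with one directly assigned role.
        INSERT INTO user_role VALUES
            ('alice', 'Technical Staff'),
            ('bob', 'Staff');
    """)
    return db


def effective_roles(db, username):
    """Return assigned roles plus everything they imply, transitively.

    UNION (not UNION ALL) discards rows already produced, so the
    recursion terminates even if the hierarchy table contains a cycle.
    An unknown user gets no roles at all.
    """
    rows = db.execute(
        """
        WITH RECURSIVE eff(role) AS (
            SELECT role FROM user_role WHERE username = ?
            UNION
            SELECT ri.implied
            FROM role_implies ri JOIN eff ON ri.role = eff.role
        )
        SELECT role FROM eff ORDER BY role
        """,
        (username,),
    ).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    demo = build_demo_db()
    for user in ("alice", "bob", "mallory"):
        print(user, effective_roles(demo, user))
```

A custom user folder would hand the returned list to Zope as the user's roles, so "Role C" is modelled as a row in the hierarchy table rather than as a role made of other roles inside Zope.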