There is somethin called precommand on files. Maybe you should try it. []'s Em Qui 28 Fev 2002 14:25, Marcus Bergmann escreveu:
Joel Burton wrote:
On Thu, 28 Feb 2002, Marcus Bergmann wrote:
Hello,
is it possible to set permissions, e.g. 'view', depending from the surfers domain? I need to protect files and folders from viewing by surfers outside our domains. I dont want a login screen!
Haven't tried this, but would it work to:
in outer folder, create user "bob" with low privileges (ie can't view documents in question)
in inner folder, create user "bob" with same password and higher privileges (ie can view docs in question) __and__ with restricted domain list
when zope goes to show bob the content, it would fail with the inner bob if he's not from the right domain and fall back on the outer bob who lacks the right privileges.
Not sure if it would do this, though: it might not bubble up to the next bob. If it sounds interesting, check & see & let us know.
I dont want to do this beacause I dont want to force the users to login. I want Zope to check the domain, the user comes from and either to allow or deny access. No problem with DTML-Documents or -Methods. There I can query the REMOTE_HOST. But if I publish files, there is no way to run a script, is it?
-*-
if this doesn't work, something more programmatic, like a SetAccessRule python script in the folder in question would work. This would compare the requester's domain and could raise an exception. It's not nice, clean declaration security like above, but, hey, it would get the job done.
Ok, I could write such a script, but how do I run the script when the user acesses the contents of the folder? Lets say the user directly calls http://mydomain/myfolder/myfile.pdf.
-*-
btw: if you're using a different webserver (eg apache) as the front end, you might not be getting the real browser IP address proxied to you; you might be getting the IP address of your apache box. Search the list for messages about this for workarounds.
No problem, our Apache let the REMOTE_HOST name pass.
--
Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton Independent Knowledge Management Consultant
In my view the missing of the possibility to deny/allow access to objects in Zope is a missing feature. You can do it easy with Apache, why not with Zope?
Thanks, Marcus
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- Sidnei da Silva X3ng Web Technology sidnei@x3ng.com.br