Hi Tilo,

why don't you use a property "download permission" mapped to a new permission?
You can grant the new permission only to role staff, to avoid the students changing the property themselves when accessing the view method!

Hope this helps,
--peppo

PS: are you storing the PDFs on the file system or in the ZooDB?

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Tilo Renz
Sent: Saturday, 18 August 2001 17.07
To: zope@zope.org
Subject: [Zope] Permissions / System design (zope Newbie)

Hello,

I have two user groups (role student and role staff). In the following setup the method view shows information about the XY-File stored as Properties of XY.pdf. Both roles should be allowed to view this information.
_The students_must_not_be able to download XY.pdf._

My Setup:

+-+-DTML-Method: view
  I
  +-Folder: data
    I
    +-File: XY.pdf

In order to make data/XY.pdf/view accessible to the students they must have the rights 'view' and 'Access contents information' on XY.pdf. Which means they also can download the file, which is unwanted.

Now I thought of solutions:

Variant A:
Replace the view method by a python script show(id) which gets the Document-Id (e.g. XY.pdf) as Parameter and is called on the data-folder. Then setting up a proxy for show(id), so that students can call it, although they don't have any permissions on XY.pdf:

+-+-python-Script: show(id)
  I
  +-Folder: data
    I
    +-File: XY.pdf

I must call data/show?id=XY.pdf to get the information about XY.

Disadvantages: Not really object oriented. Needs writing a new show-script and rewriting other methods in the project because calls are now going to other URLs. More difficulties if show needs additional cgi-Parameters.

Variant B:
Setting up 2 Trees, data for the staff, public for students. Write a script that copies everything from data to public except the Files like XY.pdf, which should be 0-Byte copies, but with all properties.

Disadvantages: Ugly redundancy.
Costs disk-space and time for copying.

What do you think about my problem? What should I do? Have I overseen something and are there better solutions?

Thanks in advance.

Tilo
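The following is an added illustration, not code from either message and not Zope's own API: a small pure-Python model of the problem described in the thread (one permission guarding both the metadata view and the download) next to one reading of the reply, in which download is guarded by a separate permission granted only to staff. The class `File`, the helpers `can` and `build`, and the permission name `Download file` are assumptions; the roles, `View`, `Access contents information` and `XY.pdf` come from the messages.

```python
# Illustrative model only; this is NOT Zope's AccessControl API.
VIEW = "View"
ACCESS = "Access contents information"
DOWNLOAD = "Download file"  # hypothetical new permission, granted to staff only


class Unauthorized(Exception):
    pass


class File:
    """File-like object whose methods each name the permissions guarding them."""

    def __init__(self, file_id, data, properties, role_map, download_permission):
        self.id = file_id
        self._data = data
        self._properties = properties
        self._role_map = role_map  # permission name -> set of roles holding it
        self._guards = {"view": {VIEW, ACCESS}, "download": {download_permission}}

    def _check(self, role, method):
        for permission in self._guards[method]:
            if role not in self._role_map.get(permission, set()):
                raise Unauthorized(f"{role} lacks {permission!r} for {method}")

    def view(self, role):
        """Return only the properties (the information both roles may see)."""
        self._check(role, "view")
        return dict(self._properties)

    def download(self, role):
        """Return the file body."""
        self._check(role, "download")
        return self._data


def can(obj, role, method):
    """True if `role` may call `method` on `obj`."""
    try:
        getattr(obj, method)(role)
        return True
    except Unauthorized:
        return False


def build(split):
    """split=False: download shares 'View'. split=True: download has its own permission."""
    role_map = {VIEW: {"student", "staff"}, ACCESS: {"student", "staff"},
                DOWNLOAD: {"staff"}}
    # Constructed sample content and properties.
    return File("XY.pdf", b"%PDF-constructed", {"title": "XY"}, role_map,
                DOWNLOAD if split else VIEW)
```
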