At 04:44 PM 2/11/00 +0000, Tony McDonald wrote:
At 10:59 am -0500 11/2/00, James W. Howe wrote:
I have some confusion over how to build a web site in Zope which allows people to access the site either as a "normal" web site, or to access it for the purpose of maintenance. [...]
Alternatively, *you* can add restraints to people using the site. This is done by turning off 'Acquire Permission Settings' for the 'View' permission on a file or folder. You then turn on the permission for the 'Owner' role. When someone tries to access that file, they'll get the standard authentication dialog box pop up. If they are in the acl_users folder with role Owner they can get in by filling in the boxes.
Let me describe a mechanism that I'm contemplating and see if it makes sense. I have a root folder named Foo which contains all the content for my web site. The Foo folder has a user folder defined for it. I create a new role called "registered". For each subfolder that I want to be publicly viewable I simply use the default security level. For any folder which is only accessible to registered users I change the security to prevent acquisition of the "Access Contents Information" and instead check it for all applicable roles other than anonymous. For example, I would select it for the "registered" role.

The above seems to cover most of my site, however I still have a problem. My Foo root folder contains several "utility" type DTMLMethods. Under the scheme described above any user could view the methods if they typed the appropriate URL. The key thing is that I want the user to be able to view the index_html method, for example, but I don't want them arbitrarily accessing other methods. I suppose I could put my utility methods in their own folder, but then accessing them is more complicated. What do most people do to handle this situation?

Thanks.

James W. Howe mailto:jwh@allencreek.com
Allen Creek Software, Inc. pgpkey: http://ic.net/~jwh/pgpkey.html
Ann Arbor, MI 48103
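The scheme discussed in this thread, as an added example that is not part of either message and is not Zope code: a simplified model of per-object permission settings with an "acquire" flag, used to audit which paths a given role can reach. The `Node` class, the `reachable_by` helper and the object names `utility_method`, `public`, `members` and `page` are assumptions made for illustration.

```python
# Simplified model of permission acquisition; not Zope's own code.
class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.settings = {}  # permission -> (acquire flag, roles granted here)
        if parent is not None:
            parent.children.append(self)

    def set_permission(self, permission, roles, acquire):
        self.settings[permission] = (acquire, set(roles))

    def roles_for(self, permission):
        """Roles holding `permission` here, walking up while acquire is on."""
        roles, node = set(), self
        while node is not None:
            acquire, local = node.settings.get(permission, (True, set()))
            roles |= local
            if not acquire:
                break
            node = node.parent
        return roles

    def path(self):
        return (self.parent.path() if self.parent else "") + "/" + self.name

def reachable_by(root, permission, role):
    """Audit: every path under `root` where `role` holds `permission`."""
    found, stack = [], [root]
    while stack:
        node = stack.pop()
        if role in node.roles_for(permission):
            found.append(node.path())
        stack.extend(node.children)
    return sorted(found)

# Constructed sample site following the layout in the message.
foo = Node("Foo")
foo.set_permission("View", ["Anonymous", "Manager"], acquire=False)
Node("index_html", foo)
Node("utility_method", foo)   # hypothetical name for a utility DTML Method
Node("public", foo)           # default security: acquires from Foo
members = Node("members", foo)
members.set_permission("View", ["registered", "Manager"], acquire=False)
Node("page", members)

if __name__ == "__main__":
    for role in ("Anonymous", "registered"):
        print(role, reachable_by(foo, "View", role))
```

The audit for the Anonymous role lists the utility method alongside index_html, which is the exposure the message describes; the restricted folder and its contents appear only for the "registered" role.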