On Tuesday 26 November 2002 05:04 pm, Dan Shafer wrote:
My customer site has an acl_user folder at the top level. Only users whose names appear in that folder can update the site in any way. But the site includes a folder called Clearings which houses a set of Python scripts and HTML forms that together constitute an application which adds information to the Zope database (creates a folder and multiple documents).
My client would like to allow anyone to whom he issues a password (which one of my scripts randomly generates on demand) the ability to run those scripts which update the site, but not do any other site updating or be able to see other aspects of the site.
So when a person goes to the URL he gives them, they are challenged for a password. If they supply the proper password, they should then be allowed to visit the HTML forms which execute the Python scripts which in turn update the Zope database.
I can't see how to use acl_users for this since I would have to either create a new user along with each new password generated or update the password for a pre-named user (like "client") in the acl_folder. Presumably even if I could figure out how to do that (which I haven't been able to do yet), I would need to create a new role for these individuals.
If I understand correctly, you have two mutually exclusive security zones. If possible, I would try to setup your folder structure to model that with two acl_users folders. Something like: new_client_root Clearings acl_users current_top_level acl_users HTH, Jeff