Authentication on a Folder?
Hi,

I want to restrict access to a subfolder:

Folder structure:
---------------------------------
Root Folder
+- MySite
+- Admin

Access limitation:
---------------------------------
My Site: Public for all
Admin: Only with Basic Authentication

Notes:
---------------------------------
My page templates under 'MySite' use Script (Python) calls from Admin folder like:

index_html (in MySite):
---------------------------------
<html>
...
<tal:container define="user container/Admin/getUser">
...
</tal:container>
...
</html>

But 'getUser' should not be accessible from outside the application server.

How can I do this?

Thanks very much,
Ferhat
--On 11. September 2006 01:05:01 -0700 Ferhat Ayaz <ferhatayaz@yahoo.com> wrote:
> Hi,
> I want to restrict access to a subfolder:
>
> Folder structure:
> ---------------------------------
> Root Folder
> +- MySite
> +- Admin
>
> Access limitation:
> ---------------------------------
> My Site: Public for all
> Admin: Only with Basic Authentication

Why basic authentication? In general you control access to objects by granting or revoking a particular permission (in your case the View permission) to roles/from roles (see Access tab within the ZMI).

-aj
argh, yes thanks. It's better than basic auth. (and easier)

But now I'm standing against the problem: calling Scripts from an authentication Folder within the application server.

+ MySite : index_html
|-+ Admin : getUser

In index_html: <p tal:content="container/Admin/getUser"/> will an authenticated user. But the page template MySite/index_html should have access to the Script Admin/getUser. I don't know how to do this.??

thanks,
Ferhat
From: "Ferhat Ayaz" <ferhatayaz@yahoo.com>
Sent: Monday, 11 de September de 2006 9:57

Hello.

> But now I'm standing against the problem: calling Scripts from an authentication Folder within the application server.
>
> + MySite : index_html
> |-+ Admin : getUser
>
> In index_html: <p tal:content="container/Admin/getUser"/> will an authenticated user. But the page template MySite/index_html should have access to the Script Admin/getUser. I don't know how to do this.??

<p tal:content="here/getUser"/>

Create a "getUser" in MySite and another one in "Admin". If you don't want/can't do this, you could always try to play around with proxy roles.

Best regards,
@500, Nbk
Ferhat Ayaz wrote:
> In index_html: <p tal:content="container/Admin/getUser"/> will an authenticated user. But the page template MySite/index_html should have access to the Script Admin/getUser. I don't know how to do this.??

I think you're looking for Proxy Roles...

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
hmm. But isn't it hard work to set a specific permission on each script instead of setting (I don't know how) the containing folder to the right permission?

I want to give all Scripts full access if they are called from another ZObject (page templates, etc.), but I don't want these scripts to be callable via a web browser, because these scripts will modify the database.
Ferhat Ayaz wrote at 2006-9-11 01:05 -0700:
> I want to restrict access to a subfolder:
>
> Folder structure:
> ---------------------------------
> Root Folder
> +- MySite
> +- Admin
>
> Access limitation:
> ---------------------------------
> My Site: Public for all
> Admin: Only with Basic Authentication
>
> Notes:
> ---------------------------------
> My page templates under 'MySite' use Script (Python) calls from Admin folder like:
>
> index_html (in MySite):
> ---------------------------------
> <html>
> ...
> <tal:container define="user container/Admin/getUser">
> ...
> </tal:container>
> ...
> </html>
>
> But 'getUser' should not be accessible from outside the application server.
>
> How can I do this?
What you want is difficult to achieve (if I disregard, that (in some speaking) no access to 'getUser' is possible "from outside" the application server -- all (Web access) will go through the application server).

The easiest solution would be to move the objects that should be used from public code out of "Admin" and put it in a separate folder, say "Admin_public".

There is a product around that prevents traversal from entering a folder. This way, you can prevent that your "getUser" is used directly from the Web. Do not ask me how this product is called -- I forgot and will not search for you.

An alternative (to the product) would be a "SiteAccess" "AccessRule". Be warned however, that such a rule can be disabled through special url path segments. If not using "getUser" and friends is vital, then you would need to change the "AccessRule" code to prevent disabling by special urls.

And, as others already pointed out: you can use "proxy roles". But, of course, many scripts might need to get such roles...

--
Dieter
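An added example, not part of the thread and not Zope's own code: a simplified Python model of the proxy-role idea raised above, where the View permission on Admin/getUser is withheld from Anonymous and only the calling object carries a proxy role. The class and function names, the "Manager" role and the caller objects are assumptions, and Zope's additional check on the executable's owner is left out.

```python
# Simplified model of a role-based access check with proxy roles.
# Not Zope code: all names are hypothetical, and the check Zope also
# performs on the owner of the executable is omitted.

class Obj:
    """An object with the set of roles that hold the View permission on it."""
    def __init__(self, path, view_roles):
        self.path = path
        self.view_roles = set(view_roles)


class Executable(Obj):
    """A script or template; proxy roles replace the user's roles while it runs."""
    def __init__(self, path, view_roles, proxy_roles=()):
        super().__init__(path, view_roles)
        self.proxy_roles = set(proxy_roles)


def allowed(user_roles, target, caller=None):
    """True if `target` may be accessed.

    `caller` is the executable currently running, or None when the
    request reaches `target` directly through its URL. When the caller
    has proxy roles, only those count and the user's own roles are ignored.
    """
    effective = set(user_roles)
    if caller is not None and caller.proxy_roles:
        effective = caller.proxy_roles
    return bool(effective & target.view_roles)


def render(user_roles, caller, callee):
    """Publish `caller` for the user, then let it call `callee`."""
    if not allowed(user_roles, caller):
        return "Unauthorized: " + caller.path
    if not allowed(user_roles, callee, caller=caller):
        return "Unauthorized: " + callee.path
    return "OK"


# Constructed setup: View on Admin/getUser is granted to Manager only.
get_user = Obj("Admin/getUser", view_roles={"Manager"})
plain_caller = Executable("MySite/index_html", view_roles={"Anonymous"})
proxy_caller = Executable("MySite/index_html", view_roles={"Anonymous"},
                          proxy_roles={"Manager"})
anonymous = {"Anonymous"}

if __name__ == "__main__":
    print("direct URL to getUser:", allowed(anonymous, get_user))
    print("caller without proxy role:", render(anonymous, plain_caller, get_user))
    print("caller with proxy role:", render(anonymous, proxy_caller, get_user))
```
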
participants (5)
- Andreas Jung
- Chris Withers
- Dieter Maurer
- Ferhat Ayaz
- Olavo Santos