Zope security isn't exactly clear to me - could someone help out my working me through this example:
I have a Users folder, and inside this folder I want to create users and for every user a folder, with just enough rights to create homepages. Furthermore, say that I have a set of users I trust a bit more that can also create Confera topics on their homepages.
1. Create two roles: (eg.) SiteUsers and SitePowerUsers. 2. For your Users folder, go to the Security tab and give appropriate permissions to these roles; for example, you'll want full DTML access to SiteUsers and SitePowerUsers, but Confera permissions only to SitePowerUsers. 3. Go to each and every home folder (eg., Users/Bob), click on the Security tab, select Local Roles, and assign the SiteUsers role to the user or users who should own this folder. For power users, add the SitePowerUsers as well. You might want to build a ZClass or External Method combo to ease this process (eg., a form which lets you add new home folders).
BTW: is there a way to log out from the management environment so you can connect as a user with less privileges for testing purposes?
That's browser-specific -- Zope's management interface does not do persistent logins. Just open a new browser instance. In IE 5.0, just open a new window. -- Alexander Staubo http://www.mop.no/~alex/ "He could open a tin of sardines with his teeth, strike a Swan Vestas on his chin, rope steers, drive a steam locomotive and hum all the works of Gilbert and Sullivan without becoming confused or breaking down in tears." --Robert Rankin, _The Book of Ultimate Truths_
Thanks for the explanation, Alexander! alex@mop.no said:
That's browser-specific -- Zope's management interface does not do persistent logins.
I presume Zope sets a cookie after login that identifies the user, not? In that case, wouldn't it be easy for Zope to overwrite this cookie with junk in response to a logout button so the next request fails with a security error?
Just open a new browser instance. In IE 5.0, just open a new window.
Doesn't work with Netscape on Linux, it seems. -- Cees de Groot http://www.cdegroot.com <cg@cdegroot.com>
----- Original Message ----- From: Alexander Staubo <alex@mop.no> To: Zope Mailing List (E-mail) <zope@zope.org>; <cg@cdegroot.com> Sent: Tuesday, July 13, 1999 10:46 PM Subject: RE: [Zope] Question: user homepages
Zope security isn't exactly clear to me - could someone help out my working me through this example:
I have a Users folder, and inside this folder I want to create users and for every user a folder, with just enough rights to create homepages. Furthermore, say that I have a set of users I trust a bit more that can also create Confera topics on their homepages.
1. Create two roles: (eg.) SiteUsers and SitePowerUsers.
2. For your Users folder, go to the Security tab and give appropriate permissions to these roles; for example, you'll want full DTML access to SiteUsers and SitePowerUsers, but Confera permissions only to SitePowerUsers.
3. Go to each and every home folder (eg., Users/Bob), click on the Security tab, select Local Roles, and assign the SiteUsers role to the user or users who should own this folder. For power users, add the SitePowerUsers as well.
You might want to build a ZClass or External Method combo to ease this process (eg., a form which lets you add new home folders).
BTW: is there a way to log out from the management environment so you can connect as a user with less privileges for testing purposes?
That's browser-specific -- Zope's management interface does not do persistent logins. Just open a new browser instance. In IE 5.0, just open a new window.
Couldn't you just raise Unauthorized, that should then reset the security and allow you to login again. e.g. <!--#raise Unauthorized--> <!--#/raise--> This works with PHP3 for instance but I've not tried it with Zope (yet). HTH Phil phil@philh.org
participants (3)
-
Alexander Staubo -
cg@cdegroot.com -
Phil Harris