Local Roles via LDAP? NuxUserGroups?
Hi All, If I replace the root userfolder of a ZODB with an LDAP User Folder, will I still be able to grant local roles to users defined in that user folder in certain parts of the tree? The idea here is that in a CMS, you want some people to only be able to maintain content in certain areas of the site. Am I correct in assuming that the 'official' way of doing this in Zope is to give those users an anonymous role at the root of the ZODB and then give them local roles appropriate to a content maintainer in the folders where they're allowed to maintain content? If so, how would one go about giving a group of people that content maintaining role in an area of a site? Hmmm, I guess if I could grant a 'role' the local role in those areas then I could get what I'm after. Would NuxUSerGroups help in this area at all? Do they work with LDAPUserFolder? cheers, Chris
Hi, I would like to return a zip file from zope. I found a file zipfile152.py as part of ZipFolder, but the ZipFolder product itself seems to only support uploading of zip files. I would like to do the opposite. Any other suggestions? Douwe
douwe@oberon.nl wrote:
I would like to return a zip file from zope. I found a file zipfile152.py as part of ZipFolder, but the ZipFolder product itself seems to only support uploading of zip files. I would like to do the opposite. Any other suggestions?
Load at python's zipefile module and write an external method? http://www.python.org/doc/current/lib/module-zipfile.html cheers, Chris
its all good, but how do i unzip a file using that?? I can zip using zipfile.write, what and hwo do I use zipfile .read, I get an infolist and a name list and then do a read but what good are bytes to me.... :) TIA AM Chris Withers wrote:
douwe@oberon.nl wrote:
I would like to return a zip file from zope. I found a file zipfile152.py as part of ZipFolder, but the ZipFolder product itself seems to only support uploading of zip files. I would like to do the opposite. Any other suggestions?
Load at python's zipefile module and write an external method?
http://www.python.org/doc/current/lib/module-zipfile.html
cheers,
Chris
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
-- ================================================================== Aseem Mohanty Neurobehavioral Systems Inc, 828 San Pablo Ave, Albany, CA 94706 (R) 510 7696011 (M) 510 3014871 (O) 510 5279231 ================================================================== "I saw `cout' being shifted "Hello world" times to the left and stopped right there!!" -- Steve Gonedes ==================================================================
Thanks. Sounds like a good plan. Douwe
-----Original Message----- From: Chris Withers [mailto:chrisw@nipltd.com] Sent: Thursday, July 25, 2002 12:31 AM To: douwe@oberon.nl Cc: zope@zope.org Subject: Re: [Zope] Zip support in Zope
douwe@oberon.nl wrote:
I would like to return a zip file from zope. I found a file
zipfile152.py as
part of ZipFolder, but the ZipFolder product itself seems to only support uploading of zip files. I would like to do the opposite. Any other suggestions?
Load at python's zipefile module and write an external method?
http://www.python.org/doc/current/lib/module-zipfile.html
cheers,
Chris
If I replace the root userfolder of a ZODB with an LDAP User Folder, will I still be able to grant local roles to users defined in that user folder in certain parts of the tree?
the LDAPUserFolder (and all others AFAIK) have no relation whatsoever to the local role mechanism, other than being a source of possible user IDs.
The idea here is that in a CMS, you want some people to only be able to maintain content in certain areas of the site. Am I correct in assuming that the 'official' way of doing this in Zope is to give those users an anonymous role at the root of the ZODB and then give them local roles appropriate to a content maintainer in the folders where they're allowed to maintain content?
i don't think there is an "official" way but the pattern you describe is very common, yes.
If so, how would one go about giving a group of people that content maintaining role in an area of a site? Hmmm, I guess if I could grant a 'role' the local role in those areas then I could get what I'm after.
the LDAUserFolder has no built-in idea of "grouping" people, just like most other user folders out there. AFAIK at this point the only solution is to grant the local roles to individual users.
Would NuxUSerGroups help in this area at all? Do they work with LDAPUserFolder?
no idea. i have never looked at NuxUserGroups. jens
In article <3D33B35D.18DBD26D@nipltd.com> you write:
If I replace the root userfolder of a ZODB with an LDAP User Folder, will I still be able to grant local roles to users defined in that user folder in certain parts of the tree?
Sure, why not? It's just a User Folder.
The idea here is that in a CMS, you want some people to only be able to maintain content in certain areas of the site. Am I correct in assuming that the 'official' way of doing this in Zope is to give those users an anonymous role at the root of the ZODB and then give them local roles appropriate to a content maintainer in the folders where they're allowed to maintain content?
If so, how would one go about giving a group of people that content maintaining role in an area of a site? Hmmm, I guess if I could grant a 'role' the local role in those areas then I could get what I'm after.
Yes. Have a "ContentMaintainer" role which you give to your users only locally.
Would NuxUSerGroups help in this area at all?
It depends, see the use cases on its page. If you have a simple setup like described above they're probably not needed.
Do they work with LDAPUserFolder?
No, LDAPUserFolder is not aware of groups. Makina-Corpus however did a patch for an older version of LDAPUserFolder, which I still haven't gotten around to updating and integrating in the NuxUserGroups distribution. see http://www.makinacorpus.org/index.php/zope/ldapusergroups Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com
Florent Guillaume wrote:
If so, how would one go about giving a group of people that content maintaining role in an area of a site? Hmmm, I guess if I could grant a 'role' the local role in those areas then I could get what I'm after.
Yes. Have a "ContentMaintainer" role which you give to your users only locally.
Yes, but how could I maintain the mapping from role to location in an LDAP repository? I don't think I can use Local Roles to do that. Any ideas?
Would NuxUSerGroups help in this area at all?
It depends, see the use cases on its page. If you have a simple setup like described above they're probably not needed.
Will check it out when I get a chance...
Do they work with LDAPUserFolder?
No, LDAPUserFolder is not aware of groups. Makina-Corpus however did a patch for an older version of LDAPUserFolder, which I still haven't gotten around to updating and integrating in the NuxUserGroups distribution.
see http://www.makinacorpus.org/index.php/zope/ldapusergroups
Shame :-S cheers, Chris
Yes. Have a "ContentMaintainer" role which you give to your users only locally.
Yes, but how could I maintain the mapping from role to location in an LDAP repository? I don't think I can use Local Roles to do that.
why not local roles? you could have location-based roles by creating another LDAPUserFolder in the location where people are supposed to get different roles. that one would have to look at a different place in the LDAP directory tree where the group/role records are different. jens
Jens Vagelpohl wrote:
why not local roles?
'cos Local Roles are ZODB-based. I want them to be based on roles defined in an LDAP repository, maybe that's not necessary though?
you could have location-based roles by creating another LDAPUserFolder in the location where people are supposed to get different roles. that one would have to look at a different place in the LDAP directory tree where the group/role records are different.
True, although that's like the old 'have multiple acl_users at different places in your ZODB, just make sure the usernames and passwords are the same' which didn't scale well ;-) cheers, Chris
jens
participants (5)
-
Aseem Mohanty -
Chris Withers -
douwe@oberon.nl -
Florent Guillaume -
Jens Vagelpohl