Hello,

I am working on a voting system for my school's computer science classes. Students in each class will vote for the student of the week. The student hierarchy is represented in the Zope filesystem by folders: at the top is the class folder, then period folders and finally student folders. Each student folder contains an acl_users with that student's login information.

An important feature in this voting program is to authenticate students when they vote, so that they are not able to vote in classes/periods they are not in. My current problem is figuring out where in the acquisition path the voting scripts should go, so that when a user goes to the voting form it prompts him/her to log in and builds a list of students based on the class this student belongs to. So far I can build the list of students by using acquisition, but I am having trouble with authentication.

Here is the voting form I can generate by looping through the folders in the advanced topics class (which only has one period, so it is not sectioned into periods): http://linus.yorktown.arlington.k12.va.us/Adv/vote_form

I hope my explanation made some sense ;)

What I would like to know is how some of you would approach this problem? How should I go about designing this voting form, security wise? Any other suggestions?

thanks a bunch,

- lex

=====
"The Python literature says implement time-critical bits in C, the C literature says implement the time-critical bits in assembler, some assembly programmers hand-craft critical machine code, and you could always design and fabricate your own chips." - Tim Rowe, digitig@cix.co.uk
Lex Berezhny writes:
Hello,
I am working on a voting system for my school's computer science classes. Students in each class will vote for the student of the week. The student hierarchy is represented in the Zope filesystem by folders: at the top is the class folder, then period folders and finally student folders. Each student folder contains an acl_users with that student's login information.
An important feature in this voting program is to authenticate students when they vote, so that they are not able to vote in classes/periods they are not in.
....

This design does not look good:
1. It tightly associates a student with a single class, which is not good (I think). Why should it be impossible that a student belongs to several classes?

2. It does not take into consideration that a user defined in a folder F's "acl_user" has only access to objects in the subtree rooted in "F" or to objects accessible by "Anonymous". Or, to say it differently: outside of "F" the user is "Anonymous".

I would go for the following solution:

* a single "acl_user" for all students, probably implemented by "ExtUserFolder" or a similar UserFolder Product, which allows to associate additional properties to users.

* each user has additional properties, e.g. the list of classes it belongs to, periods(?), ...

* a ZCatalog that indexes the relations "student-class", "student-whatever", ...

You would not use Zope's security system to protect voting but would provide the security by application code. This code would check whether the current user is allowed to vote in the current context. The object would use a Proxy Role to be able to do things the user normally would not be entitled to do...

Dieter
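A stand-alone sketch of the application-level check Dieter proposes: one shared user store whose per-user properties list the class/period contexts a student belongs to, and a voting script that decides eligibility itself instead of relying on folder-scoped acl_users. This is an added example, not code from either poster; it uses no Zope API, and the user store, memberships and paths are constructed data.

```python
"""Application-level vote authorization, modelled in plain Python.

Hypothetical model of the design in the reply above: a single user store
with per-user membership properties, and a cast() check run by the voting
script. No Zope APIs are used; all data below is constructed.
"""
from dataclasses import dataclass, field

# Constructed sample users -> properties. A membership key is the acquisition
# context the vote_form lives in: "Adv" for a class without periods,
# "Intro/p3" for class "Intro", period "p3".
USERS = {
    "alice": {"memberships": {"Adv", "Intro/p3"}},  # in two classes
    "bob":   {"memberships": {"Intro/p3"}},
    "carol": {"memberships": {"Adv"}},
}


@dataclass
class Election:
    """Records one vote per (context, voter); refusals are returned, not raised."""
    votes: dict = field(default_factory=dict)  # (context, voter) -> candidate

    @staticmethod
    def context_of(path):
        # "/Adv/vote_form" -> "Adv"; "/Intro/p3/vote_form" -> "Intro/p3"
        parts = [p for p in path.split("/") if p]
        return "/".join(parts[:-1])  # drop the script name itself

    def candidates(self, voter, context):
        """Students in the voter's own context; a voter may not pick themselves."""
        if context not in USERS[voter]["memberships"]:
            return []
        return sorted(u for u, props in USERS.items()
                      if context in props["memberships"] and u != voter)

    def cast(self, voter, path, candidate):
        """Return (ok, reason); every check is application policy, not folder ACL."""
        context = self.context_of(path)
        if voter not in USERS:
            return False, "unauthenticated"
        if context not in USERS[voter]["memberships"]:
            return False, "voter not in this class/period"
        if candidate not in self.candidates(voter, context):
            return False, "candidate not eligible in this context"
        if (context, voter) in self.votes:
            return False, "already voted"
        self.votes[(context, voter)] = candidate
        return True, "recorded"
```

Because eligibility is decided from the user's properties and the current context rather than from where the acl_users folder sits, the same script can be acquired from "/Adv/vote_form" and "/Intro/p3/vote_form" without granting anyone access outside their own classes.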