[Zope-CMF] Securing CMF with Page Templates

Kent Polk kent@goathill.org
Mon, 8 Apr 2002 15:06:58 -0500 (CDT)


Shane Hathaway wrote:
> First, you can either assume that a "client" is a set of users or one
> user.  I would make the assumption that a client is a set of users. 
> With that in mind, it would make sense to create a new folder for each
> client independent of member folders.
> 
> Then I would create a folder called "Clients".  I would create a
> user-defined role called "Client" in the root of the site.  In the
> Clients folder I would disable at least the "Access Contents
> Information", "View", and (if you have it) "List Folder Contents"
> permissions for all roles but Manager and Client.  I would *not* give
> users the "Client" role directly.  Instead, for each client folder I
> would add local roles that map specific users to the Client role.
> 
> In other words, just use Zope security controls.  CMF tries hard to make
> sure they work like they always have.

Old topic, but new wrinkle for Zope 2.5.0 and/or CMF1.2 and Page
Templates.

I have a CMF1.2 site I just set up to essentially provide a testing
service for several hundred scientists collaborating on solutions
for a set of problems.

Site looks like this:

 cmf/
     (Member area, std cmf stuff)
     data/
          set1/ (real data)
               dataset1
               dataset2
               dataset3
               dataset4
          set2/ (simulated data)
               dataset1
               dataset2
               dataset3
               dataset4
               nomv/ (simulated set2 data with no missing values)
                    dataset1
                    dataset2
                    dataset3
                    dataset4
               answ/ (answers to simulated set2 data)
                    dataset1
                    dataset2
                    dataset3
                    dataset4

There are four 'group' roles that can be applied to control access
to these datasets, something like set1, set2, set2nm, setans.
Participant roles are pre-determined, so there is currently no
workflow associated. Just static datasets with pre-determined
permissions, and we have to keep track of which user account accesses
which dataset and when.

Interestingly, neither acl-user roles nor local roles allow users
to access the folders AND data in all cases when the site is viewed
with page templates. This is even with local roles set for all
possible roles for each folder and each file in each folder. I.e.
if I constrain the security for particular folders to just certain
roles of set1, set2, set2nm, setans, but then allow a user all
possible roles at the site, it still triggers the authentication
request under certain circumstances.

It appears that the view method is triggering an authentication
request when there is a daughter folder in the folder you have
permission to view, even though you have permissions in that daughter
folder also. Interestingly, when the authentication fails, the file
requested is still downloaded...  Seems clear that it's a folder
view request that is triggering the authentication request.

I am actually using the catalogger to locate the datasets under
controlled conditions, but the problems exist whether one tries to
enter the folder or 'view' the data files via direct URL access.

What's up with Page Templates here? I think the site works correctly
without page templates, but I was planning on using page templates...
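
The folder and role layout discussed in this thread, as an added example that is not code from either poster and not Zope's implementation: a simplified model of per-folder permission settings (with the "acquire" flag off) plus local roles, used to audit which folders a user can reach. Folder names and the four roles come from the post; the role-to-folder mapping, the "Member" grant on data/ and the user ids alice and bob are assumptions.

```python
# Simplified model, NOT Zope code. Role-to-folder mapping and users are assumed.
PERMS = ("Access contents information", "View", "List folder contents")
LAYOUT = [("data/set1", "set1"), ("data/set2", "set2"),
          ("data/set2/nomv", "set2nm"), ("data/set2/answ", "setans")]

class Folder:
    def __init__(self, parent=None):
        self.parent = parent
        self.settings = {}      # permission -> (allowed roles, acquire from parent?)
        self.local_roles = {}   # user id -> roles granted at this folder

    def restrict(self, roles):
        # Models turning "acquire" off and ticking only these roles.
        for perm in PERMS:
            self.settings[perm] = (set(roles), False)

    def roles_for(self, perm):
        roles, acquire = self.settings.get(perm, (set(), True))
        if acquire and self.parent is not None:
            roles = roles | self.parent.roles_for(perm)
        return roles

    def roles_of(self, user):
        # Local roles granted on a folder also apply to everything below it.
        roles = set(self.local_roles.get(user, ()))
        if self.parent is not None:
            roles |= self.parent.roles_of(user)
        return roles

    def allowed(self, user):
        have = self.roles_of(user)
        return all(have & self.roles_for(p) for p in PERMS)

def build_site():
    cmf = Folder()
    cmf.restrict({"Manager", "Member"})
    site = {"data": Folder(cmf)}          # data/ acquires its settings from cmf/
    for path, role in LAYOUT:
        site[path] = Folder(site[path.rsplit("/", 1)[0]])
        site[path].restrict({"Manager", role})
    return site

def audit(site, user):
    """Map each folder path to whether the user holds all three permissions."""
    return {path: folder.allowed(user) for path, folder in site.items()}

site = build_site()
site["data"].local_roles.update(alice={"Member"}, bob={"Member"})
site["data/set2"].local_roles["alice"] = {"set2"}   # alice: set2 only
for path, role in LAYOUT:                           # bob: every group role
    site[path].local_roles["bob"] = {role}
```

In this model audit(site, "bob") is true for every folder, while alice is stopped at nomv/ and answ/ even though she can enter set2/, because a local role granted on set2/ carries down but the subfolders' permission settings do not list it.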