[Zope-dev] Role Inheritance? Timeout?

Stuart 'Zen' Bishop zen@cs.rmit.edu.au
Thu, 28 Oct 1999 16:08:21 +1000 (EST)


On Wed, 27 Oct 1999, John Fohrman wrote:

> 1. Role Inheritance: Currently, the permissions associated with "Role A" and
> "Role B" can be assigned to a single user.  However, they can't be assigned
> to "Role C" (ideally along with additional permissions).

You can't do exactly what you ask, and I doubt Zope could be easily hacked
into shape to do it since the security is a fundamental part rather than
tacked on top. There are plenty of ways to work around this though.
I'm pulling my assigned roles from a central RDBMS which ensures that
everyone who is 'Technical Staff' is also 'Helpdesk', 'Staff' and 'Default'.
As the roles are retrieved from your authentication system, and if the
simple one Zope ships with doesn't meet your requirements, you can
enhance it with whatever intelligence you require.

> 2. Timeout: If I walk away from my computer while using Zope, and return an
> hour later, someone could use Zope without my permission.  With a timeout, I
> could say "log me off if you haven't heard from me in (specified number of)
> minutes."

This is handled by the authentication implementation you are using.
The default (read: ships with Zope) uses HTTP Basic Authentication
which means it works with just about every browser and proxy server,
but can't. Other UserFolders can handle this any way they want (cookies,
whatever). I'll probably end up with this functionality in the generic
one I'm writing, and the Zope architecture allows you the flexibility
to write your own.

 ___
   //     Zen (alias Stuart Bishop)     Work: zen@cs.rmit.edu.au
  // E N  Senior Systems Alchemist      Play: zen@shangri-la.dropbear.id.au
 //__     Computer Science, RMIT 	 WWW: http://www.cs.rmit.edu.au/~zen
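An added example, not part of the original message and not Zope code: one way an authentication back end could expand assigned roles into the roles they imply, and refuse roles once a session has been idle too long. The hierarchy table, `expand_roles` and `IdleSession` are hypothetical names, and the chain Technical Staff -> Helpdesk -> Staff -> Default is an assumed layout of the roles named in the reply.

```python
import time

# Constructed hierarchy (assumption): each role implies the roles listed for it.
ROLE_IMPLIES = {
    "Technical Staff": ["Helpdesk"],
    "Helpdesk": ["Staff"],
    "Staff": ["Default"],
}


def expand_roles(assigned, implies=ROLE_IMPLIES):
    """Return the assigned roles plus every role they transitively imply."""
    seen = set()
    stack = list(assigned)
    while stack:
        role = stack.pop()
        if role in seen:  # already expanded; this also terminates cycles
            continue
        seen.add(role)
        stack.extend(implies.get(role, ()))
    return sorted(seen)


class IdleSession:
    """Server-side session record that stops granting roles after idle_limit seconds."""

    def __init__(self, user, assigned_roles, idle_limit, now=None):
        self.user = user
        self.roles = expand_roles(assigned_roles)
        self.idle_limit = idle_limit
        self.last_seen = time.time() if now is None else now
        self.expired = False

    def roles_for_request(self, now=None):
        """Return the user's roles, or [] if the session has timed out."""
        now = time.time() if now is None else now
        if self.expired or now - self.last_seen > self.idle_limit:
            self.expired = True  # stays expired until the user logs in again
            return []
        self.last_seen = now  # activity resets the idle clock
        return list(self.roles)
```

The idle check needs state the server controls, such as a session referenced by a cookie, which is why the reply points to a custom user folder for it.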