[Zope-dev] User Folders and Zope security

brian.r.brinegar.1 brinegar@purdue.edu
Fri, 2 Nov 2001 10:47:48 -0500 (EST)


We have a custom UserFolder that authenticates users against a PH
directory. This means that we have the same 30,000 or so users defined in
all of our user folder instances.

Seeing no reason to redefine users in multiple user folders we made a
decision to place one user folder in the root of our system and then
grant users local roles on an object by object basis.

Everything works great!

Problem:
We would like to have some roles assigned dynamically based on user
information. For example: A role called "Staff" if the PH directory has
the user listed as staff. We would like to be able to do this on an object
by object basis, but have the roles only exist for a single request. So
we don't have to give 15,000 people a local role and then track who leaves
and who gets hired.

Example:
Folder hierarchy:

/Work

We would like something in "Work" that says if the authenticated user is
staff they get the local role "Staff". The user would be defined in the
User Folder in the root.

We're open to any solutions/comments.

Thanks,

--Brian Brinegar
  ECN Web Technician
  MSEE 104 A 494-3106
  http://www.geeksoft.net/
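
The request-time role computation described in the message, as an added example that is not part of the original post and is not Zope's or the poster's code. It is a stand-alone model that does not import Zope: the method is named after getRolesInContext on Zope user objects, while Node, DirectoryUser, PH_DIRECTORY, the "type" field and the dynamic_role_rules attribute are hypothetical names, and wiring this into a real UserFolder is not shown.

```python
# Stand-alone model (no Zope import); names marked "hypothetical" are assumptions.

# Constructed stand-in for PH directory records, keyed by user id.
PH_DIRECTORY = {
    "alice": {"type": "staff"},
    "bob": {"type": "student"},
}

class Node:
    """Minimal stand-in for a Zope object in a containment hierarchy."""
    def __init__(self, name, parent=None, local_roles=None, dynamic_role_rules=None):
        self.name = name
        self.parent = parent  # stand-in for the acquisition parent
        # Same shape as Zope's __ac_local_roles__: {user_id: [roles]}
        self.local_roles = local_roles or {}
        # Hypothetical attribute: {role: (ph_field, required_value)}
        self.dynamic_role_rules = dynamic_role_rules or {}

class DirectoryUser:
    """User from the single root user folder; roles are computed per call."""
    def __init__(self, user_id, global_roles=()):
        self.user_id = user_id
        self.global_roles = tuple(global_roles)

    def getRolesInContext(self, obj):
        roles = set(self.global_roles)
        record = PH_DIRECTORY.get(self.user_id)  # unknown user: no dynamic roles
        node = obj
        while node is not None:  # walk up to the root, merging as we go
            roles.update(node.local_roles.get(self.user_id, ()))
            if record is not None:
                for role, (field, value) in node.dynamic_role_rules.items():
                    if record.get(field) == value:
                        roles.add(role)
            node = node.parent
        return sorted(roles)

# Constructed hierarchy: /Work grants "Staff" to anyone PH lists as staff.
root = Node("root")
work = Node("Work", parent=root, dynamic_role_rules={"Staff": ("type", "staff")})
report = Node("report", parent=work, local_roles={"bob": ["Reviewer"]})
```

Because nothing is stored per user on /Work, a change in the directory record takes effect on the next role lookup, with no local role to revoke.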