[Zope-dev] User Folders and Zope security

brian.r.brinegar.1 brinegar@purdue.edu
Fri, 2 Nov 2001 13:00:05 -0500 (EST)


On Fri, 2 Nov 2001, Stephan Richter wrote:

>
> >We would like something in "Work" that says if the authenticated user is
> >staff they get the local role "Staff" The user would be defined in the
> >User Folder in the root.
>
> I think the problem is rather trivial. Since you wrote your own user folder
> it is so easy to add custom roles.
>
> Do you have the directory path? I guess so.
>
> So you should able to figure out whether a user is a member of a certain
> group by parsing the path.
> Then you create the roles based on the group behavior.
>
> All you gotta do now is to overwrite the API method getRoles(self) (in
> User) and add the new roles to the return list. This way it is always
> generated on the fly and if the user changes directories the roles will
> change as well.

We have two folders and a user folder in the root:

/folder1
/folder2
/acl_users

inside of each of the folders I have a script called authorize that
returns a list of roles for that context based on user information.

if someone accesses /folder1 and gets the manager role I wanted it to be
tied to the folder1 object. Not available within folder2 so having it just
add those roles to getRoles doesn't work. Because the roles are associated
with the user folder in the root, not the folder.

--Brian Brinegar
  ECN Web Technician
  MSEE 104 A 494-3106
  http://www.geeksoft.net/