[Zope] newbie question

Tony.McDonald@newcastle.ac.uk Tony.McDonald@newcastle.ac.uk
Sat, 9 Oct 1999 11:35:58 +0100 (BST)


> 
> 
> I think Tony mixed up a tip from me on how to _exclude_ access from a 
> certain domain. Zope's access control is very powerful and very simple, but 
> if you want to exclude one domain from access you have to twist and wriggle 
> a bit. Tony wriggled a bit further in that direction to get 'normal' access 
> control.
> 

Quite right, I mangled a tip that Martijn posted (what seems like) eaons ago. The method I posted is to allow access from certain domains, whilst denying access from others (in my example, everyone not in the ncl.ac.uk domain).
 

> Normally, you'd define a new Role (like 'Visitor'), that you give the 
> permissions that the Anoonymous role normally has, and revoke all Anonymous 
> permissions. Then you can assign that role to anyone you want to have 
> access. See the Z Content Managers Guide on Zope.org
> 

This is a very powerful system. It's *extremely* fine-grained and more manageble than .htaccess files (I seem to remember a discussion on the PHP list that implied that the order in which .htaccess files is 'looked up' is not easily discovered. That is, if you have .htaccess files in sub-directories, it's not obvious which one will be acted upon. Zope on the other hand, is considerably better in this regard).

In other words, the Zope 'permissions' system is very flexible and can almost certainly do what you want.

hth
tone.