[Zope] [announce] Local File System product

Kent Polk kent@goathill.org
26 Oct 1999 17:16:11 GMT


On 25 Oct 1999 20:50:01 -0500, Evan Gibson wrote:
>On Mon, Oct 25, 1999 at 06:12:12PM -0700, Jonothan Farr wrote:
>> > Issues to address:
>> >     security (not as much of a problem as with my read/write product)
>> The only security issue I've addressed is that '..' is not allowed as a
>> directory name, it will throw a ValueError. Also, of course the Zope server
>> has to have permissions to access any files that it tries to read through
>> LocalFS. If anyone can think of any others please let me know.
>
>I was planning on writing a product like this myself (but of course didn't 
>quite get past just thinking about it in my head! I have so many projects
>like that!)
>What I was planning on doing for security was having an "access" file in
>the products directory that contained a list of directories and a list of
>the files (allowing wildcards) that you were allowed to access in _that_
>directory. It was going to default to only letting you read txt and log
>files in the product directory itself (defined by .).
>You could also add roles to this file.

My 'file access' product creates Zope folders which correspond to
directories and other interesting objects. These Zope folders
can use the std zope acl_users (or whatever) and can also contain
methods and products in the Zope database specific to that
directory or file tree. This allows you to create different meta-data
for the same directories, depending on how they are accessed from
Zope (different subdir folders pointing at the same filesys path).