[Zope] Stupid User Access Question

James W. Howe jwh@allencreek.com
Fri, 11 Feb 2000 12:37:25 -0500 

At 04:44 PM 2/11/00 +0000, Tony McDonald wrote:
>At 10:59 am -0500 11/2/00, James W. Howe wrote:
>>I have some confusion over how to build a web site in Zope which allows 
>>people to access the site either as a "normal" web site, or to access it 
>>for the purpose of maintenance.
>>[...]
>
>Alternatively, *you* can add restraints to people using the site. This is 
>done by turning off  'Acquire Permission Settings' for the 'View' 
>permission on a file or folder. You then turn on the permission for the 
>'Owner' role. When someone tries to access that file, they'll get the 
>standard authentication dialog box pop up. If they are in the acl_users 
>folder with role Owner they can get in by filling in the boxes.

Let me describe a mechanism that I'm contemplating and see if it makes sense.

I have a root folder named Foo which contains all the content for my web 
site.  The Foo folder has a user folder defined for it.  I create a new 
role called "registered".  For each subfolder that I want to be publicly 
viewable I simply use the default security level.  For any folder which is 
only accessible to registered users I change the security to prevent 
acquisition of the "Access Contents Information" and instead check it for 
all applicable roles other than anonymous.  For example, I would select it 
for the "registered" role.

The above seems to cover most of my site, however I still have a 
problem.  My Foo root folder contains several "utility" type 
DTMLMethods.  Under the scheme described above any user could view the 
methods if they typed the appropriate URL.  The key thing is that I want 
the user to be able to view the index_html method, for example, but I don't 
want them arbitrarily accessing other methods.  I suppose I could put my 
utility methods in their own folder, but then accessing them is more 
complicated.  What do most people do to handle this situation?

Thanks.

James W. Howe				mailto:jwh@allencreek.com
Allen Creek Software, Inc.		pgpkey: http://ic.net/~jwh/pgpkey.html		
Ann Arbor, MI  48103