[Zope] Authenticating many users to manage only their own folders?
Darran Edmundson
Darran.Edmundson@anu.edu.au
Tue, 15 Feb 2000 01:44:37 +1100
My first real foray into security ...
root
  People (define Admin role here)
    robert
      acl_users (robert,Admin)
    douglas
      acl_users (douglas,Admin)
    william
      acl_users (william,Admin)
    .
    .
I want to configure my site such that users can only
edit their own property sheets. My naive way of
accomplishing this is to create an Admin role
in People's permissions that has management_screen
access. I then add a UserFolder in each person's
ZClass with them as the sole user (Admin role).
It works but there are problems with my naive
approach:
1) It's cumbersome. I have to create a UserFolder
and User for each person I add (though I guess
I can do this programmatically in my constructor).
To create this, I need to allow UserFolder additions
in my ObjectManager-derived class. Now the logged-in
user also has UserFolders as an addable object ...
2) Users can see the acl_users folder in the management
screen. They can delete it. And if I change Admin
so that they can't "delete objects", they can't delete
*any* objects, including instances of other objects
they've themselves created in this folder.
It's 1:40am here in Oz and I'm shattered having taken
the day off from my "real" job to make it a long weekend
of Zoping. I'd love to awake in the morning to an email
chorus of advice. This has got to be a common-enough
scenario, authentication, not people skipping work to
Zope ...
Cheers,
Darran.
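The two problems in the post fall out of how roles and permissions acquire down a Zope folder tree. The following is an added example, not Zope's code and not part of the original message: a small Python model of that acquisition (roles granted by a UserFolder apply to its folder and below; a permission setting is acquired from the nearest ancestor that defines it; deleting an object is checked as "Delete objects" on the container). The tree, role name and permission names follow the post; the "notes" object and the helper names are assumptions for illustration.

```python
"""Toy model of Zope-style roles, permissions and acquisition (added example,
not Zope's own code). It rebuilds the tree from the post
(root / People / <person> / acl_users) to show why a per-person UserFolder
granting a single "Admin" role behaves the way the post describes."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class Node:
    name: str
    parent: Optional[Node] = None
    children: Dict[str, Node] = field(default_factory=dict)
    # permission -> roles allowed here (a folder's Security tab); a permission
    # not set here is acquired from the parent
    permissions: Dict[str, Set[str]] = field(default_factory=dict)
    # user -> roles granted here; a UserFolder at folder/acl_users makes its
    # users hold these roles in that folder and everything below it
    user_roles: Dict[str, Set[str]] = field(default_factory=dict)

    def add(self, child: Node) -> Node:
        child.parent = self
        self.children[child.name] = child
        return child


def roles_for(user: str, node: Node) -> Set[str]:
    """Roles a user holds at `node`: union of grants on the path up to root."""
    roles: Set[str] = set()
    n: Optional[Node] = node
    while n is not None:
        roles |= n.user_roles.get(user, set())
        n = n.parent
    return roles


def allowed_roles(permission: str, node: Node) -> Set[str]:
    """Roles granted `permission` at `node`, acquired from the nearest ancestor."""
    n: Optional[Node] = node
    while n is not None:
        if permission in n.permissions:
            return n.permissions[permission]
        n = n.parent
    return set()


def may(user: str, permission: str, node: Node) -> bool:
    return bool(roles_for(user, node) & allowed_roles(permission, node))


def can_delete(user: str, container: Node, child_name: str) -> bool:
    """Deletion is checked as 'Delete objects' on the container, not on the
    object being deleted, so acl_users and a user's own objects are
    indistinguishable to this check."""
    if child_name not in container.children:
        raise KeyError(child_name)
    return may(user, "Delete objects", container)


def build_site(admin_can_delete: bool = True) -> Node:
    """The tree from the post: Admin defined on People, one UserFolder per person."""
    root = Node("root", permissions={
        "View management screens": {"Manager"},
        "Delete objects": {"Manager"},
        "Add User Folders": {"Manager"},
    })
    people = root.add(Node("People"))
    people.permissions["View management screens"] = {"Manager", "Admin"}
    people.permissions["Add User Folders"] = {"Manager", "Admin"}  # needed by the constructor
    people.permissions["Delete objects"] = (
        {"Manager", "Admin"} if admin_can_delete else {"Manager"})
    for person in ("robert", "douglas", "william"):
        folder = people.add(Node(person, user_roles={person: {"Admin"}}))
        folder.add(Node("acl_users"))  # the per-person UserFolder
        folder.add(Node("notes"))      # constructed: something the user created
    return root


if __name__ == "__main__":
    site = build_site()
    people = site.children["People"]
    robert, douglas = people.children["robert"], people.children["douglas"]
    print(may("robert", "View management screens", robert))   # True: own folder
    print(may("robert", "View management screens", douglas))  # False: someone else's
    print(may("robert", "Add User Folders", robert))          # True: problem 1
    print(can_delete("robert", robert, "acl_users"))          # True: problem 2
    locked = build_site(admin_can_delete=False).children["People"].children["robert"]
    print(can_delete("robert", locked, "acl_users"),
          can_delete("robert", locked, "notes"))              # False False: both lost
```

Running the model reproduces both complaints: the Admin role that lets robert manage his own folder also lets him add UserFolders there and delete acl_users, and withdrawing "Delete objects" from Admin on People removes deletion of his own "notes" object too, because the check is made on the container rather than on the object being removed.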