[Zope] Authenticating many users to manage only their own folders?

Phil Harris phil.harris@zope.co.uk
Mon, 14 Feb 2000 23:38:38 -0000


Darran,

I would create the users in a root level UserFolder and then assign the user
local roles within their own folder.

This can be done programmatically, something like:


def add_User(self, username=None, password=None, confirm=None, domains=[], roles=[]):
    ######
    # let's create the user
    ######
    self.acl_users._doAddUser(name=username, password=password, domains=domains, roles=roles)
    ######
    # now create the home directory for this member
    ######
    self.members.manage_addFolder(id=username, title='', createPublic=0, createUserF=0)
    title="%s's Homepage" % username
    s="""<dtml-var standard_html_header>
            <h2><dtml-var title_or_id></h2>
            <p>This is the default page created for a Member, it has very little content, as you can see.

            <p>To see a better example of how Zope works look at the
            <a href="&dtml-SCRIPT_NAME;/zGold/QuickStart">QuickStart</a> documentation.
            <p>Also see the <a href="&dtml-SCRIPT_NAME;/zGold/Example">XML examples</a>.
            <p>Most of all have fun!.
            <dtml-var standard_html_footer>"""
    eval("self.members.%s.manage_addDTMLDocument(id='index_html',title=title,file=s)" % username)
    ######
    # now set them as manager of this domain
    ######
    eval("self.members.%s.manage_addLocalRoles(userid='%s',roles=['Manager'])" % (username, username))
    return " "

You might want to investigate alternatives to the eval bits though, could be
a bit of a security problem.

HTH

Phil
phil.harris@zope.co.uk


-----Original Message-----
From: Darran Edmundson <Darran.Edmundson@anu.edu.au>
To: zope <zope@zope.org>
Date: 14 February 2000 15:21
Subject: [Zope] Authenticating many users to manage only their own folders?


>My first real foray into security ...
>
>root
>  People (define Admin role here)
>      robert
>         acl_users (robert,Admin)
>      douglas
>         acl_users (douglas,Admin)
>      william
>         acl_users (william,Admin)
>       .
>       .
>
>I want to configure my site such that users can only
>edit their own property sheets.  My naive way of
>accomplishing this is to create an Admin role
>in People's permissions that has management_screen
>access.  I then add a UserFolder in each person's
>ZClass with them as the sole user (Admin role).
>
>It works but there are problems with my naive
>approach:
>
>1) It's cumbersome.  I have to create a UserFolder
>   and User for each person I add (though I guess
>   I can do this programmatically in my constructor).
>   To create this, I need to allow UserFolder additions
>   in my ObjectManager-derived class.  Now the logged-in
>   user also has UserFolders as an addable object ...
>
>2) Users can see the acl_users folder in the management
>   screen.  They can delete it.  And if I change Admin
>   so that they can't "delete objects", they can't delete
>   *any* objects, including instances of other objects
>   they've themselves created in this folder.
>
>It's 1:40am here in Oz and I'm shattered having taken
>the day off from my "real" job to make it a long weekend
>of Zoping.  I'd love to awake in the morning to an email
>chorus of advice.  This has got to be a common-enough
>scenario, authentication, not people skipping work to
>Zope ...
>
>Cheers,
>Darran.
>
>
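
An added example, not part of the original post or of Zope's own code: one way to drop the eval() calls flagged in the reply is to validate the username before anything is created and then fetch the new folder with a plain lookup. StubFolder and StubUserFolder are hypothetical stand-ins for the Zope objects so the code runs offline, and the SAFE_ID pattern and the add_member name are assumptions.

```python
import re

# Allowlist for member ids (an assumption, not a Zope rule):
# starts with a letter, then letters, digits, underscore or hyphen.
SAFE_ID = re.compile(r"[A-Za-z][A-Za-z0-9_-]{0,31}")


class StubFolder:
    """Hypothetical stand-in for a Zope Folder."""

    def __init__(self):
        self.objects = {}
        self.local_roles = {}

    def manage_addFolder(self, id, title=""):
        self.objects[id] = StubFolder()

    def manage_addDTMLDocument(self, id, title="", file=""):
        self.objects[id] = (title, file)

    def manage_addLocalRoles(self, userid, roles):
        self.local_roles[userid] = list(roles)

    def _getOb(self, id):
        return self.objects[id]  # the id is only ever a lookup key, never code


class StubUserFolder:
    """Hypothetical stand-in for the root-level acl_users."""

    def __init__(self):
        self.users = {}

    def _doAddUser(self, name, password, roles, domains):
        self.users[name] = (password, list(roles), list(domains))


def add_member(acl_users, members, username, password, roles=(), domains=()):
    """Create the user, a home folder and a local Manager role, without eval()."""
    # Validate first, so a rejected name leaves no account or folder behind.
    if not isinstance(username, str) or not SAFE_ID.fullmatch(username):
        raise ValueError("invalid member id: %r" % (username,))
    if username in members.objects:
        raise ValueError("member folder already exists: %s" % username)
    acl_users._doAddUser(username, password, list(roles), list(domains))
    members.manage_addFolder(id=username, title="")
    home = members._getOb(username)  # replaces eval("self.members.%s..." % username)
    home.manage_addDTMLDocument(id="index_html", title="%s's Homepage" % username,
                                file="<dtml-var standard_html_header>")
    home.manage_addLocalRoles(userid=username, roles=["Manager"])  # scoped to home only
    return home
```

The Manager role is recorded on the member's own folder and not on the parent, which is the "manage only their own folder" behaviour the thread asks for.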