[Zope] Permissions / System design (zope Newbie)

Tino Wildenhain tino@wildenhain.de
Sat, 18 Aug 2001 21:35:08 +0200 

Hi Tilo,

why dont you just set your view method an appropriate
proxy role?

This allows users to access view while they are not
able to access the object directly.

HTH
Tino Wildenhain

--On Samstag, 18. August 2001 17:06 +0200 Tilo Renz <tilo.renz@student.uni-ulm.de> wrote:

> Hello,
>
> I have two user groups (role student and role staff). In the following setup the method view
> shows Information about the XY-File stored as Properties of XY.pdf. Both roles should be
> allowed to view this information. _The students_must_not_be able to download XY.pdf._
>
> My Setup:
> +-+-DTML-Method: view
>   I
>   +-Folder: data
>     I
>     +-File: XY.pdf
>
> In order to make data/XY.pdf/view accessible to the students they must have the rights 'view'
> and 'Access contents information' on XY.pdf. Which means they also can download the file,
> which is unwanted.
>
> Now I thought for solutions:
>
> Variant A:
> Replace the view method by a python script show(id) which gets the Document-Id (eg XY.pdf) as
> Parameter and is called on the data-folder. Then setting up a proxy for show(id), so that
> students can call it, although they don't have any permissions on XY.pdf:
>
> +-+-python-Script: show(id)
>   I
>   +-Folder: data
>     I
>     +-File: XY.pdf
>
> I must call data/show?id=XY.pdf to get the information about XY
> Disadvantages: Not really object oriented. Needs writing a new show-script and rewriting
> other methods in the project because calls are now going to other URLs. More difficulties if
> show needs additional cgi-Parameters
>
> Variant B:
> Setting up 2 Trees, data for the staff, public for students. Write a script that copies
> everything from data to public except the Files like XY.pdf, which should be 0-Byte copies,
> but with all properties. Disadvantages: Ugly redundancy. Costs disk-space and time for
> copying.
>
>
> What do you think about my problem? What should I do? Have I overseen something and are there
> better solutions?
>
> Thanks in advance.
>
> Tilo
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )