[Zope] Topic Security in DocumentLibrary

Sedat Yilmazer sedat@kibele.com
Mon, 2 Jul 2001 18:49:37 +0300


=20
 Hi Casey and all Zopers,

  Great ! Now I have some limited security in DocumentLibrary... =
Documents are not protected! It seems that we need a check that will =
control if the user has access to any of the topics that document has, =
or maybe a more restricted option : that the user has access to all of =
the topics that document has.

 What I like the most in DocumentLibrary is the file name attached at =
the end of the file object. That makes the life alot easier in the M$ =
world. I have tried the CMF but got tried of Open/save dialogs ( and =
sometimes twice! probably an IE bug)
 Secondly to post a document to CMF you have to go three pages. I can =
understand the first one ( that can be a dropdown box with the type info =
("File", "Folder" etc) ) but I see no reason to have one page for =
metadata and one for the file upload. Is there a reason that I miss for =
that complication?

 Sedat Yilmazer

-----Original Message-----
From: cduncan@kaivo.com [mailto:cduncan@kaivo.com]
Sent: Monday, July 02, 2001 5:40 PM
To: Sedat Yilmazer
Subject: Re: [Zope] Topic Security in DocumentLibrary


Sedat Yilmazer wrote:
>=20
> Hi Zopers
>=20
>  I am working on a M$ Office Client for DocumentLibrary project. It =
seems to be no topics security buit in! ( I mean restrict access to some =
topics based on user role)
>  If I try to restrict access to a topic ( disable 'access conetent =
information' on the security tab of the topic) then the user is banned =
fron the system totally ( system ties to access the restricted topic and =
fails, It comes back with auth. prompt. As the user do not have access =
to that topic system returns with noaccess error screen)
>=20
>  Is there a way to restrict acces to some topics in DocumentLibrary? =
If not I think I will drop the project untill the topic/Document =
security is somehow provided
>=20
> Sedat Yilmazer
>=20

I haven't really addressed this, but I think it would be easy to fix by
making two changes to the DTML code. I will include these changes in the
next release, but here they are:

In the document_browse and the index_chooser methods change the line:

<dtml-in expr=3D"objectValues('Topic Index')">

to read:

<dtml-in expr=3D"objectValues('Topic Index')" skip_unauthorized>

That should help. Let me know if you still run into any problems.
--=20
| Casey Duncan
| Kaivo, Inc.
| cduncan@kaivo.com
`------------------>