[Zope] Some doubt about how to best assign user rights.

[Rik Hoekstra]

Max M=F8ller Rasmussen wrote:
>=20
> I have the following hierachy:
>=20
> school
>     class 1
>         student 1
>             student 1 content
>             student 2 content
>             etc.
>         student 2
>         student 3
>         etc.
>     class 2
>     class 3
>     etc.
>=20
> And basically there is three different typs of users:
>=20
> Administrators
> Teachers
> Students
>=20
> My problem is that I want to give each student the right to edit the co=
ntent
> in their own folder. Their folder is a zClass that subclasses objectman=
ager,
> and they can only add certain other classes. Now how do I best set out =
to do
> that?
>=20
> It should also be easy for the teacher to administer his students. The
> options I can see:
>=20

The first question is how a teacher would administer his students. How do
students apply for a class, or are they just assigned to it? Some more qu=
estions
that are relevant to the security question:=20
- How and when are the students added to the class. Who else has rights i=
n the
student folders?


> - Make an acl_users folder in each student folder, and give the student=
 the
> admin role in that folder. That would work but seems a bit longwinded.

not very elegant.=20

>=20
> - Make a student an owner of a folder? (I am not really shure what
> consequences that would have)

This may be a good solution. THe consequences depend on what permissions =
you
assign to the owner ;-)
Another solution might be assigning students a local role. I doubt whethe=
r the
three roles you mention are enough - to me it seems a student-administrat=
or
would be necessary. Assigning a local Administrator role may turn out to =
be a
bit risky.

hth

Rik