[Zope] set permission dependig from domain

Joel Burton joel@joelburton.com
Thu, 28 Feb 2002 10:49:05 -0500 (EST)


On Thu, 28 Feb 2002, Marcus Bergmann wrote:

> Hello,
>
> is it possible to set permissions, e.g. 'view', depending from the
> surfers domain? I need to protect files and folders from viewing by
> surfers outside our domains. I dont want a login screen!

Haven't tried this, but would it work to:

in outer folder, create user "bob" with low privileges (ie can't view
documents in question)

in inner folder, create user "bob" with same password and higher
privileges (ie can view docs in question) __and__ with restricted domain
list

when zope goes to show bob the content, it would fail with the inner bob
if he's not from the right domain and fall back on the outer bob who lacks
the right privileges.

Not sure if it would do this, though: it might not bubble up to the next
bob. If it sounds interesting, check & see & let us know.

-*-

if this doesn't work, something more programmatic, like a SetAccessRule
python script in the folder in question would work. This would compare the
requester's domain and could raise an exception. It's not nice, clean
declaration security like above, but, hey, it would get the job done.

-*-

btw: if you're using a different webserver (eg apache) as the front end,
you might not be getting the real browser IP address proxied to you; you
might be getting the IP address of your apache box. Search the list for
messages about this for workarounds.

-- 

Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim: wjoelburton
Independent Knowledge Management Consultant