[Zope] Role and-ing, rather than or-ing?
Etienne Labuschagne
elabuschagne@gmsonline.co.za
Tue, 25 Mar 2003 17:08:21 +0200
Here is my scenario:
I have a folder Acme in my portal (and many other companies' folders - see
great ASCII art at the end of message ;). Only employees of Acme should be
able to view Acme and all it's sub folders. So, I assign the View right to
the User role in folder Acme. Now I must give all the employees of Acme
the local role User to give them access to Acme's folder. So far, so good.
Now I want users of the site to be able to pay a fee to get access to
"special" resources. For instance, Johnny is given the local role User in
the folder Acme (he is an employee), but also the global role, PaidUser as
he paid for access to special resources. This should give him access to
special resources in the public parts of the site AND special resources
under Acme's folder.
In the public parts (which is not a specific company's sub folder), I
assign the View right to PaidUser in the public folder. I assign the View
right to both User AND PaidUser in the special resources folder under
Acme. My problem is that the folder will allow people with User role OR
PaidUser role to view the folder, not people with User role AND PaidUser role.
The only solution I see is the moment I upgrade Johnny from User to
PaidUser, I must walk through the site and find all the folder where he has
the local role User, then change that to PaidUser. This is quite a pain
and doesn't feel like a great idea.
Any better suggestions?
Thanks
Etienne
ROOT ------ Acme ------ AcmeSpecial
|
|
-----Public ------ Public Special
|
|
-----Slacme ------- SlacmeSpecial
Johnny is user on Acme, and PaidUser globally. I would like to mark
AcmeSpecial's view right only for people with BOTH User AND SpecialUser,
this doesn't seem possible in Zope's security model. PublicSpecial will
only be marked as Viewable for PaidUser. So Johnny should be able to see:
Acme, AcmeSpecial, Public, PublicSpecial, but not Slacme and SlacmeSpecial.