[Zope] Need help with security and local roles w/ GRUF
Jake Latham
jlatham at datasplice.com
Fri Jan 16 15:45:11 EST 2004
Hey all -
we've been banging our heads against this problem for the better part of a
day now with no results, so I thought I'd try the list, since I couldn't
turn up any results in the list archives that matched:
We've got a Zope/Plone site where we want our customers to be able to log
in, and be taken to their directory:
/Customers/
CustomerA/
CustomerB/
...
That much works fine. The problem is that we need to set up permissions so
that the customers can only see their own directory, i.e. CustomerA cannot
go poking around in CustomerB's folder, were they to type in the correct URL
(or by mistake)
We've fiddled with various combinations of local roles and defining a new
role - "Customer" to try and limit permissions, but we can't get it to work
quite right. Perhaps we are not modifying the correct Permission? (We had
been modifying the "view" permission).
We'd like it so that when a user is logged in, he can go anywhere he pleases
on the site as a user, except for the directories of other customers that
are not his own.
This seems like a simple problem, but Zope and GRUF just weren't working the
way we were thinking I guess?
Thanks for any assistance...
-Jake
More information about the Zope
mailing list