[Zope] Per-user authorization to folder using SiteAccess rules
Dieter Maurer
dieter at handshake.de
Fri May 7 14:29:47 EDT 2004
Andy Altepeter wrote at 2004-5-7 10:59 -0500:
>I have a zope folder that contains multiple documents. Users order a
>document to be created by our communications office. That office then
>uploads that word document (not through ZMI). I want users to have
>access to ONLY those documents they have ordered. And all this needs to
>be done programmatically and not through ZMI.
> ...
>Is there another way to do this?
Yes.
Protect your documents by a permission granted only to priviledge roles.
This will prevent normal users to access them directly.
Provide an access service though a PythonScript.
You can use the "sub_traversal" feature of "PythonScripts" to
do this easily. Give this (or these) scripts a proxy role (see
Zope book, for details) such that they have the necessary priviledge
to access the documents.
--
Dieter
More information about the Zope
mailing list