[Zope-CMF] Private CMF site
Wed, 19 Feb 2003 13:17:53 -0500
On 19 February 2003, george donnelly said:
> [Greg Ward wrote (email@example.com) on 2/19/03 11:37 AM]
> > Or is there a
> > better/easier/simpler/cleaner/working way to make a CMF site private
> > that doesn't involve mass permission twiddling?
> have you seen Ausum's howto?
Ahh, thank you, that helps. Works with a vanilla CMF site, and it gives
me enough clues that I might just be able to get it to work with my real
Can someone explain what "Access contents information" means? I've
Google'd for it and grep'd the Zope source code but have not yet
achieved enlightenment. Is there any place where Zope permissions are
As an aside, it looks as though CMF really wasn't designed with
"members-only" sites in mind. In particular, the default main_template
makes liberal use of here/portal_membership, here/portal_actions, etc.
That means that any attempt to render a nice-looking login_form or
logged_out depends on having access to here/portal_* -- ie. you want
your login_form and logged_out to use the same skin as the rest of your
site, meaning you need to use main_template, meaning anonymous users
need to be able to access here/portal_*.
I can see three possible ways out:
* rewrite main_template to defend against permission failures, eg.
"define mtool here/portal_membership | nothing" -- which gets
hairy because then you have to code around mtool not being
defined, and so on down the line
* use vanilla login_form and logged_out pages -- ie. don't use
the same skin as the rest of your site (works, but looks
unprofessional -- especially since the login_form is the first
thing every user will see!)
* grant appropriate permissions on /portal/portal_* -- I guess
give Anonymous "Access contents information" and "View", but
I'm not really sure if this will work.
I'm going to play around with the last of these, but can anyone think of
a nicer way? (Short of using Plone: I have a feeling this site will
eventually migrate to Plone, but it ain't gonna happen today.)
Greg Ward <firstname.lastname@example.org> http://www.gerg.ca/
Never put off till tomorrow what you can avoid all together.