[Zope-CMF] recursive permissions and folders

martin f krafft madduck@madduck.net
Sun, 25 May 2003 21:17:27 +0200


I am a little at a loss here. I would like to provide a subhierarchy
/internal on my site, which is only accessible if the visitor holds
a specific role.

If I remove the 'View' permission for everyone else from that
folder, it seems to work because all child objects acquire
permission settings from the parent.

But I have a problem: my site is managed by a workflow system, and
thus the 'View' permission is specific to every single object. I can
remove 'View' from /internal, and no one can view that folder or
documents contained in it, but when a visitor directly accesses
e.g. /internal/faq/document, access is granted.

I would have to keep /internal and all documents below it in the
'private' workflow state to maintain this security. Since I have
other Members with workflow change permissions, this is too much of
a risk as humans are well-known to err here and there...

Unix has the 'x' permission, and the following setting does exactly
what I want:

  drwxrwx---   Owner      Admins          /internal

Now the owner and anyone in the group Admins can do whatever they
want in /internal, but anyone else cannot access the directory.
Moreover, if there is a subdir:

  drw-rw-rw-   Owner      Admins          /internal/faq/document

still no one but the owner or the Admins could access that file.

Is something like this possible in Zope?

How else do people manage this requirement?


martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
keyserver problems? http://keyserver.kjsl.com/~jharris/keyserver.html
get my key here: http://madduck.net/me/gpg/publickey
eleventh law of acoustics:
  in a minimum-phase system there is an inextricable link between
  frequency response, phase response and transient response, as they
  are all merely transforms of one another. this combined with
  minimalization of open-loop errors in output amplifiers and correct
  compensation for non-linear passive crossover network loading can
  lead to a significant decrease in system resolution lost. however,
  of course, this all means jack when you listen to pink floyd.

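The two policies the message contrasts, as an added toy model. This is illustration code written for this page, not Zope's security machinery and not anything the poster wrote; the node layout, the role names (Anonymous, Member, Admin) and the hypothetical 'traverse' permission standing in for the Unix 'x' bit are all assumptions. Policy (a) models what the poster observes: View is decided per object, a workflow that sets View locally on the leaf stops acquisition from /internal, so a direct URL to the leaf is granted. Policy (b) models what the poster asks for: every folder on the path must also grant 'traverse', checked fail-closed before the leaf's own View setting is consulted.

```python
"""Toy model of per-object View versus Unix-style ancestor gating.

Added example, not Zope code. Every name below is an assumption made
for illustration; 'traverse' is a hypothetical permission modelling
the directory 'x' bit from the message.
"""
from dataclasses import dataclass, field
from typing import Optional

ANONYMOUS = frozenset({"Anonymous"})
EVERYONE = frozenset({"Anonymous", "Member", "Admin"})


@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    # permission -> roles allowed; absent key means "acquire from parent"
    local: dict = field(default_factory=dict)
    children: dict = field(default_factory=dict)

    def add(self, child: "Node") -> "Node":
        child.parent = self
        self.children[child.name] = child
        return child

    def roles_for(self, perm: str) -> frozenset:
        """Walk upwards until some node sets perm locally (acquisition)."""
        node = self
        while node is not None:
            if perm in node.local:
                return node.local[perm]
            node = node.parent
        return frozenset()


def _parts(path: str):
    return [p for p in path.split("/") if p]


def resolve(root: Node, path: str) -> Node:
    node = root
    for part in _parts(path):
        node = node.children[part]
    return node


def can_view_leaf_only(root: Node, path: str, roles: frozenset) -> bool:
    """Policy (a): only the target's (possibly acquired) View setting counts.

    A leaf whose workflow state set View locally no longer acquires the
    restriction from /internal, so a direct URL to it is granted.
    """
    return bool(resolve(root, path).roles_for("View") & roles)


def can_view_with_traverse(root: Node, path: str, roles: frozenset) -> bool:
    """Policy (b): require 'traverse' on every ancestor, like the Unix x bit.

    Denial at any folder on the path is final, whatever the leaf says.
    """
    node = root
    for part in _parts(path):
        if not node.roles_for("traverse") & roles:
            return False  # fail closed at the folder
        node = node.children[part]
    return bool(node.roles_for("View") & roles)


def build_site() -> Node:
    """Constructed sample hierarchy mirroring the paths in the message."""
    root = Node("", local={"View": EVERYONE, "traverse": EVERYONE})
    internal = root.add(Node("internal",
                             local={"View": frozenset({"Admin"}),
                                    "traverse": frozenset({"Admin"})}))
    faq = internal.add(Node("faq"))  # sets nothing locally; acquires
    # A workflow transition to 'published' sets View locally on the leaf,
    # which is exactly the case the poster describes as bypassing /internal.
    faq.add(Node("document", local={"View": EVERYONE}))
    return root


if __name__ == "__main__":
    site = build_site()
    for path in ("/internal", "/internal/faq", "/internal/faq/document"):
        print(path,
              "leaf-only:", can_view_leaf_only(site, path, ANONYMOUS),
              "with-traverse:", can_view_with_traverse(site, path, ANONYMOUS))
```

Under policy (a) an anonymous visitor is refused /internal and /internal/faq but granted /internal/faq/document; under policy (b) all three are refused, and an Admin still reaches the document, which is the behaviour of the drwxrwx--- directory in the message.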