[Zope-dev] Help on Zope security needed ...

[R. David Murray]

On Fri, 3 Aug 2001, Joachim Werner wrote:
> 1. An Editor for anything on any branch in the tree should be able to SEE
> the managementButtonBar on top of the site when logged in
> 2. An ordinary visitor of the site should NOT SEE the managementButtonBar,
> not even if he/she calls the object's URL directly
> 3. On the sites the Editors are responsible for, they should see and be able
> to use in-site management buttons/icons like "move up" or "delete" for all
> elements they are authorized to edit (i.e. NOT the basic elements that are
> pre-configured by their "parent" site, like site-wide menu bars etc.).
[...]
> managementButtonBar missing>" in the index_html, and voila: an ordinary user
> would not see the buttons, but my Editor would. Yes, but only if he is an
> Editor in ROOT (that's where the managementButtonBar DTML Method is at
> home).

Couldn't you solve this bit by having two roles (naming could be
difficult; EditorToolUser and Editor, maybe?), one of which gets the
'view' permission for the global tools, and one of which gets the
'modify' permissions for the editable objects in the subfolders?
Of course, you would have to put all users in the root folder
in that case; generally I find that more convenient anyway, myself.
But I haven't done much with user accounts, really.

--RDM