[Zope] "proxy roles", search engine for documentation.

Rob Page rob.page@digicool.com
Sat, 20 Feb 1999 13:51:08 -0500


Anthony:

>  Ok, more information needed: do the proxy roles augment or replace
>  the roles that the user currently has?

Sorry for the delay in responding.  They (proxy roles) _augment_
existing user roles (per Jim and a little micro-test I just did).

Consider a folder:  Container
containing two documents:  secret_doc and wrapper_doc

wrapper_doc is:

<!--#var standard_html_header-->

  <P>This is a wrapper.  Below is the secret content:</P>
  <BR>
  <!--#var secret-->

<!--#var standard_html_footer-->


We can restrict View access to secret_doc to the role, secret_readers
We can then give wrapper_doc a proxy role of secret_readers

Obviously, as long as Anonymous can View wrapper_doc ANYONE can,
transitively, see secret_doc.

Let's say Bob is in the role guest_readers and NOT in secret_readers.
If we restrict View access on wrapper_doc to guest_readers Bob will be
able to view secret_doc through wrapper_doc but not directly.

I know this is a little hard to follow (it is when I re-read it!) --
Best way is to understand all this is to play with it.

--Rob (Zen 0.2)

P.S. - We're at the thin-air limits of my comprehension so if your
questions go much deeper I'll have to defer to the Zen 0.75+ club!  :^)