[Zope] Need help with site structure

Mitch Duvall mduvall@webversant.com
Wed, 15 Mar 2000 12:49:12 -0600 

I'm setting up a Zope site, and would like to know if the approach described
below makes sense. I imagine this is a no-brainer for the more experienced,
but I'd appreciate some feedback so I don't go too far afield. Thank you!

In a nutshell, the site will give customers the ability to run reports
against application data that we're hosting for them. There will also be an
area for developers to log on and tweak parameters of the hosted app.

User Management
---------------
To keep the user accounts organized, I'd like each customer organization
(say, ABC Corporation) to have a folder that contains an acl_users folder.
I'd merely prefer to look at a few users at a time instead of seeing them
all together.

When a users logs on, I'd like that user to have a role of custUser,
custAdmin, or custDeveloper. I'd define these roles at the root. I'd also
like the user to acquire (if that's the term) properties of the customer
account, such as customer ID, so customer ID would be a property of the
customer folder(?).

So folder-wise there'd be;
root/customers (containing...)
root/customers/abc_corp
              /...
root/customers/xyz_corp (each with an acl_users folder)

Site Content
------------
This side of the site seems straightforward. The user's role will determine
what's visible/accessible, and the user's acquired customer ID will
determine which application data can be included in reports.

root/mysite (will contain content sub-folders, such as...)
root/mysite/eggs
           /spam
           /reports
           /developers (custDeveloper role required for access)
           (more content sub-folders)

So the question is...
---------------------
My main question is the user authorization / acquisition piece. How do I run
username and password through the contents of the root/customers folder?

If the folder layout described above makes sense, is this authorization
piece a job for a ZSQL Method, for GUF, or for both? Last week's "virtual
folders / url's" thread provided interesting info ZSQL Methods.

Also, any comments about holes or vulnerabilities in this approach are
welcome.

Thank you.

Mitch Duvall


__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com