[Zope] Permissions / System design (zope Newbie)

Giuseppe Bonelli g.bonelli@pn.itnet.it
Sat, 18 Aug 2001 21:02:40 +0200


Hi Tilo,

why don't you use a property "download permission" mapped to a new =
permission ?

You can grant the new permission only to role staff, to avoid the =
students changing the property themselves when accessing the view method =
!

Hope this helps,

--peppo

PS: are you storing the PDFs on the file system or in the ZooDB ?

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Tilo
Renz
Sent: sabato 18 agosto 2001 17.07
To: zope@zope.org
Subject: [Zope] Permissions / System design (zope Newbie)


Hello,

I have two user groups (role student and role staff). In the following =
setup the method view shows Information about the XY-File stored as =
Properties of XY.pdf. Both roles should be allowed to view this =
information. _The students_must_not_be able to download XY.pdf._

My Setup:
+-+-DTML-Method: view
  I
  +-Folder: data
    I
    +-File: XY.pdf

In order to make data/XY.pdf/view accessible to the students they must =
have the rights 'view' and 'Access contents information' on XY.pdf. =
Which means they also can download the file, which is unwanted.

Now I thought for solutions:

Variant A:
Replace the view method by a python script show(id) which gets the =
Document-Id (eg XY.pdf) as Parameter and is called on the data-folder. =
Then setting up a proxy for show(id), so that students can call it, =
although they don't have any permissions on XY.pdf:

+-+-python-Script: show(id)
  I
  +-Folder: data
    I
    +-File: XY.pdf

I must call data/show?id=3DXY.pdf to get the information about XY
Disadvantages: Not really object oriented. Needs writing a new =
show-script and rewriting other methods in the project because calls are =
now going to other URLs. More difficulties if show needs additional =
cgi-Parameters

Variant B:
Setting up 2 Trees, data for the staff, public for students. Write a =
script that copies everything from data to public except the Files like =
XY.pdf, which should be 0-Byte copies, but with all properties.
Disadvantages: Ugly redundancy. Costs disk-space and time for copying.


What do you think about my problem? What should I do? Have I overseen =
something and are there better solutions?

Thanks in advance.

Tilo

_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -=20
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )