[Zope] Permissions / System design (zope Newbie)
Tilo Renz
tilo.renz@student.uni-ulm.de
Sun, 19 Aug 2001 15:59:21 +0200
Joachim Werner schrieb:
>
> > I have two user groups (role student and role staff). In the following
> setup the method view shows Information about the XY-File stored as
> Properties of XY.pdf. Both roles should be allowed to view this information.
> _The students_must_not_be able to download XY.pdf._
>
> Hi!
>
> There is a rather easy solution:
>
> You need a "view" method in root that displays the attributes of the PDF
> docs, something like:
>
> <dtml-var standard_html_header>
> <dtml-var id><br>
> <dtml-var docSize>
> <dtml-var standard_html_footer>
>
> The students should be able to view that method. Then create a folder in
> root, called "docs" or so. For this folder, you grant "Access contents
> information" to students, but not the "View" permission.
>
> Now you can do http://yourserver/docs/aPdfDocument.pdf/view as a student,
> but if you do http://yourserver/docs/aPdfDocument.pdf, you'll get an error.
My observation is that I need the "View" permission on the pdf to access http://yourserver/docs/aPdfDocument.pdf/view, which includes the ability to download http://yourserver/docs/aPdfDocument.pdf
Tilo