[Zope] Re: OOP Suggestion: allow local roles to restrict and not only extend user's roles.

Philipp Robbel philipp.robbel@epost.de
Sat, 1 Sep 2001 00:14:42 +0200


Hi Laurie,

Thanks for your quick reply. Yes, that is one option I just tried, but - in
my case - it has a major drawback (see below). First, here's what I did:

- I created a 'test' role with only the permissions to "access contents
information" and "view".
- I created the researchers in the root folder and gave them the "test"
permission.
- I protected the critical dtml and sql methods by making them only
accessible to test & manager-assigned people.
- Then in their specific subfolders I gave the researchers the *local_role*
of a Manager.

It works but there is one major drawback in my case. I only quickly checked
but in my case the /database researcher was able to call the
/bioinformatics/show_management_screen and while he couldn't add Documents
in the /bioinformatics directory on that screen (a login box popped up) he
could execute the database methods that inserted the various data under the
/bioinformatics ID just fine.

Did you encounter the same problem?

PS.: the bioinformatics staff is working at the European Media Laboratory in
Heidelberg, Germany (www.eml.org [careful, those pages are old :-) ])

Greetings,
Philipp Robbel



-----Original Message-----
> Hi Philipp - I'm afraid that I don't think I can help you but am struggling
> with the same kind of problem - I have different research groups who cannot
> see each other's data, but have shared information/methods that they need to
> execute in context in their respective groups and projects (which also only
> some people can see)
> My method so far is to define a new role that when the user is created they
> are added to 'LabLoggedIn'. Then this role has the appropriate permissions
> in the root folder to run the methods that are needed. Then in their own
> groups or projects they have the appropriate local roles granted (these are
> defined at the root level). We are working on the assumption that the users
> won't know enough to hack in but I am trying to do it as though they can.
> I don't know if this has helped any, but I am struggling through myself!
> Laurie
>
> PS where is the bioinformatics that you are working with based? I am in the
> same kind of lab.
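
Added example, not part of the original message and not Zope's own code: a simplified Python model of the setup described above, where local roles only add to a user's global roles, so a role check on a shared root-level method passes in every folder. The user names, the data layout and the stricter `can_call_shared_method_scoped` check are assumptions made for illustration.

```python
# Simplified model of additive local roles (assumed layout, not Zope's API).
# Role and folder names follow the post; user names are constructed.
GLOBAL_ROLES = {"db_researcher": {"test"}, "bio_researcher": {"test"}}
LOCAL_ROLES = {  # folder path -> user -> roles granted only below that folder
    "/database": {"db_researcher": {"Manager"}},
    "/bioinformatics": {"bio_researcher": {"Manager"}},
}
SHARED_METHOD_ROLES = {"test", "Manager"}  # may call the root-level methods
ADD_DOCUMENT_ROLES = {"Manager"}           # may add documents to a folder


def local_roles(user, folder):
    """Local roles granted on the folder itself or on any parent folder."""
    roles = set()
    path = folder.rstrip("/")
    while path:
        roles |= LOCAL_ROLES.get(path, {}).get(user, set())
        path = path.rsplit("/", 1)[0]
    return roles


def roles_in_context(user, folder):
    """Global roles plus local roles: a local role can add, never remove."""
    return GLOBAL_ROLES.get(user, set()) | local_roles(user, folder)


def can_add_document(user, folder):
    return bool(roles_in_context(user, folder) & ADD_DOCUMENT_ROLES)


def can_call_shared_method(user, folder):
    """Role check only: the global 'test' role satisfies it everywhere."""
    return bool(roles_in_context(user, folder) & SHARED_METHOD_ROLES)


def can_call_shared_method_scoped(user, folder):
    """Hypothetical stricter check: also require a local role in the
    folder the method is called in, so other groups' folders are refused."""
    return bool(local_roles(user, folder)) and can_call_shared_method(user, folder)


if __name__ == "__main__":
    for check in (can_add_document, can_call_shared_method,
                  can_call_shared_method_scoped):
        print(check.__name__, check("db_researcher", "/bioinformatics"))
```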