[Zope] Common Folders and Security

Stuart Nicholson stuart.nicholson@wirelessdatanz.com
Wed, 3 Oct 2001 09:25:04 +1200


I have a common set of resources I want individual clients to access, but I also want the clients to supply their own secure contexts. However, being something of a Zope newbie, I'm a little hazy on how I should implement the security in Zope.

I have a folder structure as follows:

- Common
    Common resources (dtml method, images etc. etc.)
- Clients
  - AndyInc
    - acl_user Folder (Users from AndyInc)
  - BobCorp
    - acl_user Folder (Users from BobCorp)

I can set 'Authorised' security on the AndyInc and BobCorp folders and then do things like:

http://zope/Common/AndyInc/CommonResource and Zope will ask Andy to authorise himself before publishing CommonResource in the AndyInc context.

http://zope/Common/BobCorp/CommonResource has the same effect, only now Bob has to authorise himself.

QUESTION: But how do I specify security settings (Roles? Proxy Roles??) so that I can stop users from doing things like:

http://zope/Common/AndyInc/BobCorp/CommonResource

Where, because of the naïve security settings I'm using, Zope will ask Andy to authenticate himself and, having done so, will grant access to CommonResource but in the BobCorp context. Which is NOT what I want.

Do I need to create a new Role for each client folder and then grant that Role to the users authorised by the client folder?  Is there a better way? Any help greatly appreciated!

Stuart Nicholson
Software Engineer.
Wireless Data
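
The scenario in the message above as a simplified Python model, added here as an illustration; it is not part of the original post and is not Zope code. It assumes one hypothetical role per client folder (`AndyIncUser`, `BobCorpUser`), constructed user names, and that a request must satisfy every client folder named in its path; Zope's real acquisition and permission lookup are not reproduced.

```python
"""Toy model of the access decision described in the post (not Zope code)."""

# Constructed data: each client's user folder, its users and their roles.
# The per-client role names are hypothetical.
USER_FOLDERS = {
    "AndyInc": {"andy": {"Authenticated", "AndyIncUser"}},
    "BobCorp": {"bob": {"Authenticated", "BobCorpUser"}},
}

# Setup described in the post: each client folder only asks for a logged-in user.
NAIVE = {"AndyInc": "Authenticated", "BobCorp": "Authenticated"}
# Proposal from the post: each client folder asks for its own role.
PER_CLIENT = {"AndyInc": "AndyIncUser", "BobCorp": "BobCorpUser"}


def client_contexts(url_path):
    """Return the client folders named in a URL path, in traversal order."""
    return [seg for seg in url_path.strip("/").split("/") if seg in USER_FOLDERS]


def authenticate(username, contexts):
    """Return the roles from the first user folder on the path that knows the user."""
    for client in contexts:
        roles = USER_FOLDERS[client].get(username)
        if roles is not None:
            return roles
    return set()


def crosses_clients(url_path):
    """True when a path mixes more than one client folder (worth flagging in logs)."""
    return len(set(client_contexts(url_path))) > 1


def allowed(username, url_path, policy):
    """Grant only if the user holds the role required by every client folder crossed."""
    contexts = client_contexts(url_path)
    if not contexts:
        return False  # assumption: fail closed when no client context is present
    roles = authenticate(username, contexts)
    return all(policy[client] in roles for client in contexts)


if __name__ == "__main__":
    mixed = "/Common/AndyInc/BobCorp/CommonResource"
    print("naive:", allowed("andy", mixed, NAIVE))            # access granted
    print("per-client:", allowed("andy", mixed, PER_CLIENT))  # access refused
```

With the shared "any logged-in user" requirement, a login against either client's user folder satisfies both folders; with a distinct role per client, the mixed path is refused for both Andy and Bob while each client's own path still works.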

