[Zope] Security in ZClass
Nick Gaunt
gauntn@eurobell.co.uk
Fri, 19 Apr 2002 15:23:28 +0100
Hi
I am developing a small product using ZClasses that creates a self contained
application (i.e. not reliant on ZMI) with the following structure:
/--StudyBase
|
--- acl_users
|
--- study1
|
--- study2
|
etc
Users are to be managed in the one top level acl_users folder (where they
will be given a role of 'researcher') and then assigned local roles
(administrator, investigator, coordinator) in each study folder. A user may
be a coordinator in one study and investigator in one or more other studies.
Anonymous access is allowed to the site, including limited read access to
documents in study folders.
The top-level ZClass ('StudyBase') in the product is the only one visible in
the 'Select type to add...' list in the root (i.e. all other ZClasses are
nested in the StudyBase class). A python script called when a StudyBase is
instantiated adds an acl_user folder, ZCatalog and certain other standard
folders.
I have two questions:
Firstly, I have a login dtml method defined in the ZClass. I want this to be
constrained to authenticated users only, so that a login dialog is presented
when the anonymous user clicks the login link on the front screen. I can see
no facility in the ZClass ZMI to define security of DTMLMethods. However, if
I copy the method to a normal folder I can change the security, and these
settings are preserved if I then copy the method back into the Product's
folder!
The second related question is how to specify user roles within the ZClass.
How can I define the user roles in my product (and then add them
programmatically when StudyBase is instantiated) when there is no security
tab in the Product ZMI through which to define the product's roles?
Surely there should be a security tab in the Product ZMI or am I missing
something? Am I at the limit of ZClasses? If so, how can this be achieved
through a python product?
Thanks for any pointers!
Nick Gaunt