[Zope] Aquisition, UserFolder and security

[bruno modulix]

Dieter Maurer wrote:
> bruno modulix wrote at 2005-9-29 13:20 +0200:
> 
>>...
>>
>>>>The problem here is that CPS (the portal and all CPMs are CPS instances)
>>>>uses predefined roles, on which the various workflows relies, so that
>>>>would mean renaming all roles - differently - on each CPM, and modifying
>>>>the workflows too.
>>>
>>>
>>>I think that is would only be necessary that the roles
>>>are disjoint between "Portal" and "CPM". All "CPM"s can use
>>>the same roles.
>>
>>Nope. Some users may have different roles from CPM to CPM.
> 
> 
> I did not say that the "user to role" mapping should (or even must)
> be identical in all CPMs but that the *set* of roles *might* be identical
> in all CPMs -- or to say it differently: that you are not forced
> to use disjoint role sets for any pair of CPMs.
> 
> Hopefully, you see the difference...
> 

Dieter, I didn't misunderstood your proposed solution. But some users
exist in different CPMs with different roles in each CPM. So - unless
I'm totally at lost with how Zope's security works - if User1 has role
RoleWithMuchPrivileges in Cpm1 and role RoleWithFewPrivileges in Cpm2,
he could gain RoleWithMuchPrivileges in Cpm2 just by using faked url
cpm1/cpm2/whatever_he_should_not_access_here. Worse, anyone existing in
any CPM could gain access to any other CPM just by faking url.

See, it's not only a 'portal roles' vs 'CPMs roles' problem, it's a
'siblings CPS  instances in the same Zope container with a same domain
name' problem. Playing with roles and permissions aquisition settings
and whatever is not the solution here IMHO. Detecting and correcting
'faked' urls would be simpler and better - and that's somehow the
solution I applyed - even if in a somewhat hackish way.

BTW I'm still looking for a "hands on" doc on traversal hooks, if
there's such a thing...


-- 
Bruno Desthuilliers
Développeur
bruno at modulix.org