Re: [Zope] segregated users
It is possible, I have done something similar. My solution involves giving users a Local Role in a folder to which access is to be granted. I built a small utility (with ZClasses - doh) to make it easy for the Administrators to add users from a database. Cliff Tim Evans wrote: I apologize if this issue is something that has been discussed before, but I searched the archives to no avail. I'm evaluating zope for a project, and I have some questions regarding the extensibility of the user security model. The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. I essentially want several sites, one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them. What this would require is a group of administrators that can see all sites, as well as restricted users with privileges to exactly one site. I'd also like to avoid having a role for each site, as that could get ugly for almost 1000 clients. It would also be great if we could designate a user to administer only one site, so that they could only publish data to one client. I guess I want zope-level users and application-level users. Is this something that sane people do? I don't really need a step-by-step, just a yes, that is possible or a no, you're an idiot before I start digging in to try and do it. Tim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] segregated users
Tim Evans wrote at 2005-4-5 16:23 -0500: ... The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. Then you must be quite strict with the permissions you grant to Anonymous. You should read about Zope's security system in the Zope Book (2.6/2.7 edition, online). I essentially want several sites, one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them. You implement each site in a Folder with its own acl_users (a so called UserFolder). Then users defined in such a folder can only see access methods of objects outside this folder when such access is granted to Anonymous. You defined your administrators in the global acl_users. -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] segregated users
I apologize if this issue is something that has been discussed before, but I searched the archives to no avail. I'm evaluating zope for a project, and I have some questions regarding the extensibility of the user security model. The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. I essentially want several sites, one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them. What this would require is a group of administrators that can see all sites, as well as restricted users with privileges to exactly one site. I'd also like to avoid having a role for each site, as that could get ugly for almost 1000 clients. It would also be great if we could designate a user to administer only one site, so that they could only publish data to one client. I guess I want zope-level users and application-level users. Is this something that sane people do? I don't really need a step-by-step, just a yes, that is possible or a no, you're an idiot before I start digging in to try and do it. Tim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] segregated users
Certainly possible, but you'll need to do a bit of application specific coding. On Tue, 5 Apr 2005, Tim Evans wrote: I apologize if this issue is something that has been discussed before, but I searched the archives to no avail. I'm evaluating zope for a project, and I have some questions regarding the extensibility of the user security model. The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. I essentially want several sites, one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them. What this would require is a group of administrators that can see all sites, as well as restricted users with privileges to exactly one site. I'd also like to avoid having a role for each site, as that could get ugly for almost 1000 clients. It would also be great if we could designate a user to administer only one site, so that they could only publish data to one client. I guess I want zope-level users and application-level users. Is this something that sane people do? I don't really need a step-by-step, just a yes, that is possible or a no, you're an idiot before I start digging in to try and do it. Tim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) -- Dennis Allison * Computer Systems Laboratory * Gates 227 * Stanford University * Stanford CA 94305 * (650) 723-9213 * (650) 723-0033 fax * [EMAIL PROTECTED] * [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )