Dieter Maurer wrote:
bruno modulix wrote at 2005-9-29 13:20 +0200:
...
The problem here is that CPS (the portal and all CPMs are CPS instances)
uses predefined roles, on which the various workflows rely, so that
would mean renaming all roles - differently - on each CPM, and modifying
the
bruno modulix wrote at 2005-9-30 09:38 +0200:
...
Dieter, I didn't misunderstand your proposed solution. But some users
exist in different CPMs with different roles in each CPM. So - unless
I'm totally at a loss with how Zope's security works - if User1 has role
RoleWithMuchPrivileges in Cpm1 and
Dieter Maurer wrote:
bruno modulix wrote at 2005-9-28 10:02 +0200:
Dieter Maurer wrote:
...
Sounds like a permission to role mapping flaw...
Apparently, roles controlled by the Portal UserFolder (e.g.
Authenticated) are allowed to do things in your CPM that
you only be allowed by roles
bruno modulix wrote at 2005-9-29 13:20 +0200:
...
The problem here is that CPS (the portal and all CPMs are CPS instances)
uses predefined roles, on which the various workflows rely, so that
would mean renaming all roles - differently - on each CPM, and modifying
the workflows too.
I think
Dieter Maurer wrote:
Hi Dieter
bruno modulix wrote at 2005-9-27 11:34 +0200:
I have a little problem with acquisition and security. We have a project
using multiple CPS instances (for those that don't know CPS, it's a CMF
based groupware/CMS) running in the same Zope instance, and being
+---[ bruno modulix ]--
| Dieter Maurer wrote:
|
| Hi Dieter
|
| bruno modulix wrote at 2005-9-27 11:34 +0200:
|
| I have a little problem with acquisition and security. We have a project
| using multiple CPS instances (for those that don't know CPS, it's a CMF
| based
Andrew Milton wrote:
(snip)
And turning off Acquire roles on the security tab of the folders you don't
want to have acquired doesn't work?
This would probably be the cleanest solution here, and - shame on me - I
didn't even think of it. Now the problem is that CPS has a very complex
bruno modulix wrote at 2005-9-28 10:02 +0200:
Dieter Maurer wrote:
...
Sounds like a permission to role mapping flaw...
Apparently, roles controlled by the Portal UserFolder (e.g.
Authenticated) are allowed to do things in your CPM that
you only be allowed by roles controlled by their
Hello hi
I have a little problem with acquisition and security. We have a project
using multiple CPS instances (for those that don't know CPS, it's a CMF
based groupware/CMS) running in the same Zope instance, and being
siblings of each other [1]. One of these instances is the main entry
point
Each CPS instance has its own UserFolder. All users exist in the
portal's UserFolder, but only exist in some CPMs' UserFolders. Now the
problem is that, due to acquisition, a member existing in the Portal but
not in a given CPM can gain access to this CPM by faking the url - i.e.:
going to
Jens Vagelpohl wrote:
Each CPS instance has its own UserFolder. All users exist in the
portal's UserFolder, but only exist in some CPMs' UserFolders. Now the
problem is that, due to acquisition, a member existing in the Portal but
not in a given CPM can gain access to this CPM by faking the
On 27 Sep 2005, at 11:17, bruno modulix wrote:
A normal pattern to use here would be to have one central user folder
(e.g. at the root) and work with local roles in the sub-portals instead
of having several user folders.
I know, but I don't think it will be possible here (this is an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Bruno,
If you're using a central LDAP for all the instances you can restrict
the access from the different instances using either
LDAPUserGroupsFolder or CPSUserFolder.
Discrimination is done by LDAP branches (users or groups). If you can't
Julien Anguenot wrote:
Hi Bruno,
Hi Julien,
If you're using a central LDAP for all the instances you can restrict
the access from the different instances using either
LDAPUserGroupsFolder or CPSUserFolder.
Discrimination is done by LDAP branches (users or groups). If you can't
control
Jens Vagelpohl wrote:
On 27 Sep 2005, at 11:17, bruno modulix wrote:
A normal pattern to use here would be to have one central user folder
(e.g. at the root) and work with local roles in the sub-portals instead
of having several user folders.
I know, but I don't think it will
Jonathan wrote:
Could you create a central user folder (in root) and then create an
external method which queries all of the LDAP branches and returns the
appropriate local roles to the central user folder when the user logs
in? This way you get a central user folder and can keep all your
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
bruno modulix wrote:
Julien Anguenot wrote:
Hi Bruno,
Hi Julien,
If you're using a central LDAP for all the instances you can restrict
the access from the different instances using either
LDAPUserGroupsFolder or CPSUserFolder.
Julien Anguenot wrote:
bruno modulix wrote:
Julien Anguenot wrote:
(snip)
To sum up it's a matter of configuration.
I'm afraid there's more to it than just a matter of configuration, cf
below...
I confirm. For having done the intranet of the Senegal government
(almost 35 CPS (one
Acquisition, UserFolder and security
Julien Anguenot wrote:
bruno modulix wrote:
Julien Anguenot wrote:
(snip)
To sum up it's a matter of configuration.
I'm afraid there's more to it than just a matter of configuration, cf
below...
I confirm. For having done the intranet of the Senegal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
bruno modulix wrote:
You'll find it on the cps-users list. I'm not a CPS expert[1] - and not
even a Zope expert - but from what I saw, it seemed to imply more than
only TALES expressions...
[1] given the change pace and resulting lack of
Julien Anguenot wrote:
bruno modulix wrote:
You'll find it on the cps-users list. I'm not a CPS expert[1] - and not
even a Zope expert - but from what I saw, it seemed to imply more than
only TALES expressions...
[1] given the change pace and resulting lack of documentation, I guess
only you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
bruno modulix wrote:
Julien Anguenot wrote:
bruno modulix wrote:
You'll find it on the cps-users list. I'm not a CPS expert[1] - and not
even a Zope expert - but from what I saw, it seemed to imply more than
only TALES expressions...
[1] given
bruno modulix wrote at 2005-9-27 11:34 +0200:
I have a little problem with acquisition and security. We have a project
using multiple CPS instances (for those that don't know CPS, it's a CMF
based groupware/CMS) running in the same Zope instance, and being
siblings of each other [1]. One of these