Re: [Zope] "segregated" users
Tim Evans wrote at 2005-4-5 16:23 -0500: > ... >The company I work for would like to provide documents to clients via >the web, and only allow one particular client (or group of users from >the same client) access to those documents. I don't want any user to >be able to detect the presence of any other user. Then you must be quite strict with the permissions you grant to "Anonymous". You should read about Zope's security system in the Zope Book (2.6/2.7 edition, online). > I essentially want >several "sites", one for each client, with a group of administrative >users responsible for maintaining these sites and publishing content >to all of them. You implement each site in a "Folder" with its own "acl_users" (a so called UserFolder). Then users defined in such a folder can only see access methods of objects outside this folder when such access is granted to "Anonymous". You defined your administrators in the global "acl_users". -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] "segregated" users
It is possible, I have done something similar. My solution involves giving users a Local Role in a folder to which access is to be granted. I built a small utility (with ZClasses - doh) to make it easy for the Administrators to add users from a database. Cliff Tim Evans wrote: I apologize if this issue is something that has been discussed before, but I searched the archives to no avail. I'm evaluating zope for a project, and I have some questions regarding the extensibility of the user security model. The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. I essentially want several "sites", one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them. What this would require is a group of administrators that can see all sites, as well as restricted users with privileges to exactly one site. I'd also like to avoid having a role for each site, as that could get ugly for almost 1000 clients. It would also be great if we could designate a user to administer only one site, so that they could only publish data to one client. I guess I want "zope-level" users and "application-level" users. Is this something that sane people do? I don't really need a step-by-step, just a "yes, that is possible" or a "no, you're an idiot" before I start digging in to try and do it. Tim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] "segregated" users
Certainly possible, but you'll need to do a bit of application specific coding. On Tue, 5 Apr 2005, Tim Evans wrote: > I apologize if this issue is something that has been discussed before, > but I searched the archives to no avail. > > I'm evaluating zope for a project, and I have some questions regarding > the extensibility of the user security model. > > The company I work for would like to provide documents to clients via > the web, and only allow one particular client (or group of users from > the same client) access to those documents. I don't want any user to > be able to detect the presence of any other user. I essentially want > several "sites", one for each client, with a group of administrative > users responsible for maintaining these sites and publishing content > to all of them. > > What this would require is a group of administrators that can see all > sites, as well as restricted users with privileges to exactly one > site. > > I'd also like to avoid having a role for each site, as that could get > ugly for almost 1000 clients. It would also be great if we could > designate a user to administer only one site, so that they could only > publish data to one client. > > I guess I want "zope-level" users and "application-level" users. Is > this something that sane people do? > > I don't really need a step-by-step, just a "yes, that is possible" or > a "no, you're an idiot" before I start digging in to try and do it. > > > Tim > ___ > Zope maillist - Zope@zope.org > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) > -- Dennis Allison * Computer Systems Laboratory * Gates 227 * Stanford University * Stanford CA 94305 * (650) 723-9213 * (650) 723-0033 fax * [EMAIL PROTECTED] * [EMAIL PROTECTED] ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] "segregated" users
I apologize if this issue is something that has been discussed before, but I searched the archives to no avail. I'm evaluating zope for a project, and I have some questions regarding the extensibility of the user security model. The company I work for would like to provide documents to clients via the web, and only allow one particular client (or group of users from the same client) access to those documents. I don't want any user to be able to detect the presence of any other user. I essentially want several "sites", one for each client, with a group of administrative users responsible for maintaining these sites and publishing content to all of them. What this would require is a group of administrators that can see all sites, as well as restricted users with privileges to exactly one site. I'd also like to avoid having a role for each site, as that could get ugly for almost 1000 clients. It would also be great if we could designate a user to administer only one site, so that they could only publish data to one client. I guess I want "zope-level" users and "application-level" users. Is this something that sane people do? I don't really need a step-by-step, just a "yes, that is possible" or a "no, you're an idiot" before I start digging in to try and do it. Tim ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )