I've also been interested in this..
Here is what I came up with.
You can query the users permissions from TALES.
Code:
<tal:define="ViewPerms python: here.has_permission('View', here)">
Then check against it later on when listing devices and data.
Code:
<tal:block tal:condition="ViewPerms">
<!-- ALLOWED CODE HERE-->
</tal:block>
<tal:block tal:condition="not:ViewPerms">
<!-- DENIED CODE HERE-->
</tal:block>
You can apply this logic to "wrap" various links from the default skins.
You'll find these inside $ZENHOME/Products/ZenModel/skins/zenmodel
For instance I edited leftPane.pt to remove links for users without ZenManager
permissions.
You can also go a step further and create a new zProperty containing a list of
allowed devices. Then edit the skin code to query that property and if the
device is not in the list, show nothing and place a javascript redirection to
bounce them out.
I also edited a bunch of other skin files to achieve the same functionality. I
really doubt if this is the best method since you need to be very careful and
make sure you close loopholes for a user to get around your artificial
limitations. It would be tough to be 100% bulletproof but most users arent that
smart anyway so it works for me.
Perhaps the enterprise version is more complete in this regard but my users are
none the wiser and they stay in their little sandbox :)
I would package these changes but honestly I really think these are more
specific to my needs and more of a hack than a really complete feature for
others. Besides I'd be stepping on Zenoss's toes and I like these people :)
-------------------- m2f --------------------
Read this topic online here:
http://community.zenoss.com/forums/viewtopic.php?p=21013#21013
-------------------- m2f --------------------
_______________________________________________
zenoss-users mailing list
[email protected]
http://lists.zenoss.org/mailman/listinfo/zenoss-users
