Hi I'm currently developing a product called "ftpFolder". This product is designed to make Zope easier to use with webDAV and ftp. It tackles a few common problems that occur when using these tools to edit Zope.
Firstly Zope prefers to have no extension on the files it stores, this breaks alot of Windows programs (such as Web Folder and Dreamweaver). The ftpFolder tackles this problem by providing a "virtual mapping" onto the real zope tree. In the virtual mapping the objects gain extensions. This mapping is accessed through 'cd'ing into a virtualFTP object found in the FtpFolder. For example FtpFolder | + DTMLDocument + DTMLMethod + Image | + virtualFTP | + DTMLDocument.ddtml <- This is the above DTMLDocument object + DTMLMethod.ddtml <- This is the above DTMLMethod object + Image.jpeg <- This is the above Image object Extensions are provided using a mapping table and "plugins" which can dynamic create the extension depending on contents. (ie the Image would have a plugin to tell if it was a .jpeg or .gif or .png etc) It does this by providing "virtualObjects" which map properties onto a real object. I need a way to define the security so that the virtualObject takes on the security of the real object it is wrapping. One way that was suggested to me was to "copy" the security properties from the real object to the virtualObject in __init__. Would this work? If so what would i have to copy? Another problem the ftpFolder solves is the lack of the ability to edit Zope properties. It does this py providing a "virtualProperties" object which acts as xml representation of the objects properties. This objects appear in the virtualFTP folder as the <document>.prop and can be uploaded and downloaded to access and change the documents properties. This works well but i need help to make sure this doesn't open up any security holes allowing unprivledged people from changing properties. The final and most complex problem is that the ftpFolder allows you to ftp into "versions objects". In the virtualFTP tree version objects become "folderish", this allows people to 'cd' into them, and access the the tree as if they where in that version. How this works is in 3 steps a "versionFolder" object is created to "hold" the version. When anybody accesses the versionFolder is xml-rpc calls a "do" method on the local zope with the correct headers to cause the version to be entered. The "do" method then calls the correct method on the object (because the methods don't have doc strings and can't be called directly - plus REQUEST isn't picklable so can't be send across xml-rpc). versionFolder <- XML-rpc -> virtualObject.do <- function call with "mapply" -> virtualObject.<function> This might seem a horrible way to do it but it's the only way i have found to do this. It works suprisingly well, the problem is that it's horribly unsecure, i need help to secure this and the other problems. The source can be found on sourceforge cvs -z3 -d:pserver:[EMAIL PROTECTED]:/cvsroot/iiiserver co ftpFolder If you are intrested in helping me, or can offer some suggestions could you please email me (as well as the list if you feel it's approiate). Hope to hear from you all soon. Mithro PS BEWARNED the source isn't exactly the kindest :( _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )