I'd like the best of both worlds. I'm currently running Python 2.3.5, Zope
2.7.7, and Plone 2.1 (final). I'm using LDAPUserFolder (2.5beta2) as the
authentication method and it works perfectly. I'm using LDAPUF as the User
Source and User Folder as the Groups Source. It's better for us to manage
groups in Plone. But I'd like a little of the information in Active Directory
to help with some "blanket" permissions.

What I have is a folder that contains folders and files that need to be viewed
by some personnel of the organization, but not others. For this, I've created
a role called 'Reader' (Reader gets viewing permissions only). I create a
group that I want to view folder A. At the local level, I assign this group
the role 'Reader'. This will work fine, but I have to manually manage each
group. What I'd like to do is use some of the LDAP schema attributes to act as
a condition of permissionship.

I can use this to create a portal tab:

    Title       MOD Report 5
    Id          folderContent
    URL         string:${portal_url}/corporate-reports/operations-reports/
    Condition   python: 'CN=MOD Report,CN=Users' in portal.portal_membership.getAuthenticatedMember().getProperty("memberOf")
    Permission  View
    Category    portal_tabs
    Visible?    checked

This correctly creates the portal tab because the condition in this case is
true. But because this member isn't a member of the group that is allowed to
view the URL, when I click on the tab I get Insufficient Privileges. I was
hoping there was a way that I could use this Property to map this member to a
particular group. That way everyone that has memberOf - MOD Report in Active
Directory would automagically be a member of said group.

I've tried creating an action like this in portal_memberships and
portal_groups, trying things like Category - global,folder and user but to no
avail. Does anyone know how I can bind this Member Property to a Group without
using LDAPUF as the Group Source?

BTW, I don't want to create a portal tab for each permissioned folder. I just
want to map to the group.

Peppi Vecchio | Web Developer
TECHNOLOGY SERVICES GROUP
_______________________________________________
Zope maillist - [email protected]
http://mail.zope.org/mailman/listinfo/zope
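
The memberOf-to-group mapping asked about above is an authorization decision, so it is safer made on whole-DN equality than on the substring test used in the tab condition. The sketch below is an added example, not part of the original post and not Plone or LDAPUserFolder code; it is plain Python 3, and the function names, the DC=example,DC=org suffix and the group id mod-report-readers are assumptions made for illustration. It handles backslash-escaped commas only, not hex escapes or quoted values.

```python
# Added example: exact DN matching for a memberOf-to-group mapping.
# All DNs and group ids below are constructed sample data.

def split_dn(dn):
    """Return a DN as a tuple of normalized (attribute, value) RDN pairs."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep an escaped character with its backslash
            i += 2
            continue
        if dn[i] == ",":              # an unescaped comma ends the RDN
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, value = part.strip().partition("=")
        rdns.append((attr.strip().lower(), value.strip().casefold()))
    return tuple(rdns)


def groups_for(member_of, dn_to_group):
    """Map memberOf values to local group ids by whole-DN equality."""
    if member_of is None:
        return []
    if isinstance(member_of, str):    # assumption: a lone value may arrive as a string
        member_of = [member_of]
    held = {split_dn(v) for v in member_of if v.strip()}
    return sorted({g for dn, g in dn_to_group.items() if split_dn(dn) in held})


def substring_match(member_of, fragment):
    """The looser test: a substring check like the one in the tab condition."""
    return any(fragment in v for v in member_of)


MAPPING = {"CN=MOD Report,CN=Users,DC=example,DC=org": "mod-report-readers"}
SAME_GROUP = ["cn=mod report, cn=Users, dc=example, dc=org"]
OTHER_DOMAIN = ["CN=MOD Report,CN=Users,DC=lab,DC=example,DC=org"]
ESCAPED_COMMA = ["CN=X\\,CN=MOD Report,CN=Users,DC=example,DC=org"]

if __name__ == "__main__":
    for values in (SAME_GROUP, OTHER_DOMAIN, ESCAPED_COMMA):
        print(values[0], "->", groups_for(values, MAPPING))
```

The second and third sample values both satisfy the substring test but name different directory objects, so only the first one maps to the group.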