[ZDP] BackTalk to Document The Zope Book (2.5 Edition)/Users and Security

webmaster@zope.org
Tue, 15 Oct 2002 05:37:00 -0400


A comment to the paragraph below was recently added via http://www.zope.org/Documentation/Books/ZopeBook/current/Security.stx#3-32

---------------

      This security pattern is called *delegation*, and is very common
      in Zope applications. By delegating different areas of your Zope site to
      different users, you can take the burden of site administration
      off of a small group of managers and spread that burden around
      to different specific groups of users.
      Later in the chapter we'll look at other security patterns.

        % Anonymous User - June 4, 2002 12:45 pm:
         I think it may be valuable to point out at this step how a user actually would get to manage his subfolder. I.e.
         http://machine.com:8080/MyFolder/manage if he is a manager in the MyFolder folder.

        % Anonymous User - Aug. 23, 2002 6:42 am:
         This was the point I was looking for. After creating a User in a subfolder I was not able to log in, since
         the user has no root access.
         Now it works, thanks. It also works if I call manage if the folder is redirected via Apache.

        % Anonymous User - Oct. 15, 2002 5:36 am:
         It is important to relate the above to the use that Zope makes of paths.
         Consider this situation:
         /view.py
         /data
         /data/a_file
         /data/acl_users 

         where view.py is a Python script which shows some restricted information
         (such as ownership of the objects). When the user accesses the URL
         http://www.zopesite/data/a_file/view.py
         what security settings are taken into account?
         The settings for the file /data/a_file or the settings for /view.py?
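
The login behaviour described in the first two comments (a manager defined in a subfolder's acl_users has to use that folder's own /manage URL) can be shown with a small model of how user folders are searched along the URL path, nearest folder first. This is an added example, not code from Zope or from the book; the folder tree, user names and roles are constructed, passwords are left out, and the permission check on acquired objects raised in the last comment is not modelled.

```python
# Simplified model, not Zope's own code: the folder tree, user names and
# roles below are constructed for illustration.

# Each folder path maps to the users defined in that folder's acl_users.
USER_FOLDERS = {
    "/": {"admin": {"Manager"}},
    "/MyFolder": {"alice": {"Manager"}},
    "/Other": {"bob": {"Owner"}},
}


def folders_on_path(url_path):
    """Return the folders traversed by url_path, deepest first, root last."""
    parts = [p for p in url_path.split("/") if p]
    # The last segment is the published object or method (e.g. 'manage').
    containers = parts[:-1]
    chain = ["/"]
    for i in range(len(containers)):
        chain.append("/" + "/".join(containers[: i + 1]))
    return list(reversed(chain))


def authenticate(url_path, username):
    """Find the nearest user folder on the path that defines username.

    Returns (folder, roles), or None when no user folder on the path
    knows the user, which is the failed login from the second comment.
    """
    for folder in folders_on_path(url_path):
        users = USER_FOLDERS.get(folder, {})
        if username in users:
            return folder, users[username]
    return None


def can_manage(url_path, username):
    """True when username is found on the path and holds the Manager role."""
    found = authenticate(url_path, username)
    return found is not None and "Manager" in found[1]
```

In this model alice is unknown at /manage because only the root user folder is on that path, while /MyFolder/manage and anything below it finds her in /MyFolder/acl_users.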