[Zope-CMF] Private CMF site

Greg Ward gward@python.net
Wed, 19 Feb 2003 13:17:53 -0500


On 19 February 2003, george donnelly said:
> [Greg Ward wrote (gward@python.net) on 2/19/03 11:37 AM]
> 
> > Or is there a
> > better/easier/simpler/cleaner/working way to make a CMF site private
> > that doesn't involve mass permission twiddling?
> 
> have you seen Ausum's howto?
> 
> http://www.zope.org/Members/ausum/Howtos/members_only_portal

Ahh, thank you, that helps.  Works with a vanilla CMF site, and it gives
me enough clues that I might just be able to get it to work with my real
site!

Can someone explain what "Access contents information" means?  I've
Google'd for it and grep'd the Zope source code but have not yet
achieved enlightenment.  Is there any place where Zope permissions are
documented?

As an aside, it looks as though CMF really wasn't designed with
"members-only" sites in mind.  In particular, the default main_template
makes liberal use of here/portal_membership, here/portal_actions, etc.
That means that any attempt to render a nice-looking login_form or
logged_out depends on having access to here/portal_* -- ie. you want
your login_form and logged_out to use the same skin as the rest of your
site, meaning you need to use main_template, meaning anonymous users
need to be able to access here/portal_*.

I can see three possible ways out:

  * rewrite main_template to defend against permission failures, eg.
    "define mtool here/portal_membership | nothing" -- which gets
    hairy because then you have to code around mtool not being
    defined, and so on down the line

  * use vanilla login_form and logged_out pages -- ie. don't use
    the same skin as the rest of your site (works, but looks
    unprofessional -- especially since the login_form is the first
    thing every user will see!)

  * grant appropriate permissions on /portal/portal_* -- I guess
    give Anonymous "Access contents information" and "View", but
    I'm not really sure if this will work.
    
I'm going to play around with the last of these, but can anyone think of
a nicer way?  (Short of using Plone: I have a feeling this site will
eventually migrate to Plone, but it ain't gonna happen today.)

        Greg
-- 
Greg Ward <gward@python.net>                         http://www.gerg.ca/
Never put off till tomorrow what you can avoid all together.