[Zope] Site Access Rules and Permissions

Evan Simpson evan@4-am.com
Tue, 14 Mar 2000 09:07:11 -0500 

----- Original Message -----
From: "Chris Withers" <chrisw@nipltd.com>
> I did notice while playing around with this that moving or copying DTML
methods that have been set
> as site access rules did have some bizarre effects I wasn't expecting. I
think when I copied one, it
> stopped working, or something like that...as well as some other such
wierdities, is this to be
> expected?

Access Rules are designated by name within their container; If you rename
them, copy them, or move them, the new/renamed method will not be a Rule
unless you designate it as one.

> PS: What do you, or anyone else for that matter, think of the rule as a
solution to the problem in
> my earlier post? I don't *think* I need any magic folders or anything
else, but I'd like to get a
> second (third, fourth and possibly fifth ;-) opinion before I put it into
production...
>
> <dtml-if "_.has_key('virtual_host') and
REQUEST.environ['HTTP_HOST']==virtual_host">
>  <dtml-call "REQUEST.setURL(path='/')">
> </dtml-if>

Looks good! This is similar to the solution that Digital Creations came up
with, and is better, I think, than my SiteRoot behavior.

> It would appear that a Site Root and a Site Access Rule containing the
following are NOT the same:
> <dtml-call "REQUEST.setURL(base=SiteRootBASE, path=SiteRootPATH)">

Was this Rule living in the subfolder where the SiteRoot would have been?

> Also why do the SiteRoot objects have to be in the folder of the virtually
hosted site? why can't I
> just have one in the root folder which gets picked up through aquisition
(they're all blank anyway

Location determines the point at which the SiteRoot affects the URLs.  If
they did their internal 'setURL' in the root, all that would allow is
replacing the initial '/' with the path of your choice, when what you want
is to replace '/foo' (or whatever) with '/'.  A variant of the SiteRoot
scheme in which you could say "replace /foo with /" in the root would
require either rewriting the URLn/BASEn and absolute_url code to include the
replacement, or a hook after traversal completes which allowed the
replacement to be done before rendering the final object.  Either would
work.

> And, most importantly of all, why does adding a site access rule prevent
FTP access to Zope?

This is news to me! Prevents how?  What are the symptoms, and does it matter
what the Rule does?

Cheers,

Evan @ 4-am & digicool