[Zope] security problems .. should be fairly easy...

Bowyer, Alex BowyerA@logica.com
Tue, 21 Nov 2000 15:52:52 +1100


I know I am posting quite a lot of questions to the list lately, sorry about
that, it's just that I can save myself hours of trial-and-error coding when
I get quick answers from the list, so I hope you don't mind. It seems to be the
fastest way to learn.

I have a news page ZClass and a news article ZClass, both of which have
several DTML methods. All methods apart from index_html should require a
particular user role, "UAAdmin", to be held by the current user (these
methods are all for editing and managing the news page and articles). The
index_html methods (which display the news article) should be available for
anonymous access.

I have been stuck with this for over a week now, I have tried all sorts of
combinations of permissions, defined permissions and user roles, but I can't
figure it out and I can't find any examples in any of the Zope documentation
about how to manage permissions for class methods. Does anyone know where I
could find such documentation or examples if there are any?

The whole thing's very confusing, but here's what I've worked out so far.
Maybe someone could put me right and/or fill in the gaps?
I think what I need to do is go to the Define Permissions tab for each method,
and for the View permission dropdown I should select View for the index_html
method, and some other permission X for every other method. This other
permission X should only be granted to the UAAdmin role. The question is,
what is X to put in the dropdown, and how to assign it to UAAdmin. How would
I go about creating a new permission, perhaps "Manage news pages", and how
could I then assign that to UAAdmin? Would it then appear in the drop-down?
Is this the right approach? How would I finish this off? Am I barking up the
wrong tree? 

Any suggestions or advice would be most welcome.

Thanks for your patience with newbies like me!!

Alex

==================================
Alex Bowyer
IT Contractor, Logica Australasia
Tel    : +61 2 9202 8130
Fax    : +61 2 9922 7466
E-mail : bowyera@logica.com
WWW    : http://www.logica.com.au/
==================================