[Zope] set permission dependig from domain

Sidnei da Silva sidnei@x3ng.com.br
Thu, 28 Feb 2002 15:13:52 -0300 

Oops. its precondition.

Em Qui 28 Fev 2002 15:03, Sidnei da Silva escreveu:
> There is somethin called precommand on files. Maybe you should try it.
>
> []'s
>
> Em Qui 28 Fev 2002 14:25, Marcus Bergmann escreveu:
> > Joel Burton wrote:
> > > On Thu, 28 Feb 2002, Marcus Bergmann wrote:
> > > > Hello,
> > > >
> > > > is it possible to set permissions, e.g. 'view', depending from the
> > > > surfers domain? I need to protect files and folders from viewing by
> > > > surfers outside our domains. I dont want a login screen!
> > >
> > > Haven't tried this, but would it work to:
> > >
> > > in outer folder, create user "bob" with low privileges (ie can't view
> > > documents in question)
> > >
> > > in inner folder, create user "bob" with same password and higher
> > > privileges (ie can view docs in question) __and__ with restricted
> > > domain list
> > >
> > > when zope goes to show bob the content, it would fail with the inner
> > > bob if he's not from the right domain and fall back on the outer bob
> > > who lacks the right privileges.
> > >
> > > Not sure if it would do this, though: it might not bubble up to the
> > > next bob. If it sounds interesting, check & see & let us know.
> >
> > I dont want to do this beacause I dont want to force the users to login.
> > I want Zope to check the domain, the user comes from and either to allow
> > or deny access. No problem with DTML-Documents or -Methods. There I can
> > query the REMOTE_HOST. But if I publish files, there is no way to run a
> > script, is it?
> >
> > > -*-
> > >
> > > if this doesn't work, something more programmatic, like a SetAccessRule
> > > python script in the folder in question would work. This would compare
> > > the requester's domain and could raise an exception. It's not nice,
> > > clean declaration security like above, but, hey, it would get the job
> > > done.
> >
> > Ok, I could write such a script, but how do I run the script when the
> > user acesses the contents of the folder? Lets say the user directly
> > calls http://mydomain/myfolder/myfile.pdf.
> >
> > > -*-
> > >
> > > btw: if you're using a different webserver (eg apache) as the front
> > > end, you might not be getting the real browser IP address proxied to
> > > you; you might be getting the IP address of your apache box. Search the
> > > list for messages about this for workarounds.
> >
> > No problem, our Apache let the REMOTE_HOST name pass.
> >
> > > --
> > >
> > > Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim:
> > > wjoelburton Independent Knowledge Management Consultant
> >
> > In my view the missing of the possibility to deny/allow access to
> > objects in Zope is a missing feature. You can do it easy with Apache,
> > why not with Zope?
> >
> > Thanks,
> > Marcus
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )

-- 
Sidnei da Silva
X3ng Web Technology
sidnei@x3ng.com.br