Prevent non-Managers From /manage

Submitted by: runyaga
Last Edited: 2004-10-14

Category: CMF

Average rating is: 0.0 out of 5 (0 ratings)

Description:
By default, Member users can access /manage or /manage_main in a CMF site
for the folders they own. If you are uncomfortable with that, here is a
quick recipe that restricts access to the ZMI to users who hold the
Manager role.


Source (Text):
# Create a Script (Python) called restrictZMIAccess
# in the root of your CMF Site.

REQUEST = context.REQUEST
RESPONSE = REQUEST.RESPONSE

urlUnauthorized = context.portal_url()
member = context.portal_membership.getAuthenticatedMember()
path_info = REQUEST['PATH_INFO'].split('/')

# Match every path element that names a ZMI method, not only 'manage' and
# 'manage_main': /manage is just a frameset, and the same screens are reachable
# directly as manage_workspace, manage_propertiesForm, manage_access and the
# other manage_* methods. Matching 'manage_' (with the underscore) keeps
# ordinary names such as 'management' from being caught.
isZMIRequest = False
for element in path_info:
    if element == 'manage' or element.startswith('manage_'):
        isZMIRequest = True
        break

# getRoles() reports global roles only; a user who is Manager through a local
# role alone would still be redirected. Use member.getRolesInContext(context)
# instead if local Manager roles should be honoured.
if isZMIRequest and 'Manager' not in member.getRoles():
    return RESPONSE.redirect(urlUnauthorized + '?portal_status_message=Not%20Allowed.')

# Click on the Proxy tab and highlight Manager. Each time this script is run it
# will run as Manager (so you will always be able to call
# getAuthenticatedMember()); otherwise your users will be prompted for a
# password with higher level access.

# Now add a 'Set Access Rule' (SiteAccess), type restrictZMIAccess, and click
# Set Rule.
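
The path test is the part of this rule worth getting right, so here it is
pulled out into plain Python that runs outside Zope. This is an added example,
not the recipe's own code: the function names, the constructed sample requests
and the role lists are made up for illustration. It compares a fixed two-name
check ('manage', 'manage_main') against a prefix check and reports which ZMI
requests the fixed check would let a plain Member through to.

```python
# Added example (not part of the recipe): the access rule's path-matching
# logic, extracted into plain Python so it can be exercised outside Zope.
# is_zmi_path, zmi_access_decision, compare_checks and SAMPLE_REQUESTS are
# hypothetical names chosen for this example.

ZMI_PREFIX = 'manage'


def is_zmi_path(path_info, names=None):
    """Return True if any element of PATH_INFO names a ZMI method.

    With names=None (the default) an element counts when it is exactly
    'manage' or starts with 'manage_', which covers manage_main,
    manage_workspace, manage_propertiesForm, manage_access and the rest.
    Passing an explicit tuple reproduces a fixed-name check such as
    ('manage', 'manage_main').  Requiring the underscore keeps unrelated
    names like 'management' from matching.
    """
    for element in path_info.split('/'):
        if names is None:
            if element == ZMI_PREFIX or element.startswith(ZMI_PREFIX + '_'):
                return True
        elif element in names:
            return True
    return False


def zmi_access_decision(path_info, roles, names=None):
    """Mirror the rule's outcome for one request.

    'redirect' when a user without the Manager role asks for a ZMI path,
    'allow' otherwise.
    """
    if is_zmi_path(path_info, names) and 'Manager' not in roles:
        return 'redirect'
    return 'allow'


# Constructed sample requests: (PATH_INFO, roles of the authenticated user).
SAMPLE_REQUESTS = [
    ('/cmf/Members/alice/manage', ['Member', 'Authenticated']),
    ('/cmf/Members/alice/manage_main', ['Member', 'Authenticated']),
    ('/cmf/Members/alice/manage_workspace', ['Member', 'Authenticated']),
    ('/cmf/Members/alice/manage_propertiesForm', ['Member', 'Authenticated']),
    ('/cmf/Members/alice/index_html', ['Member', 'Authenticated']),
    ('/cmf/manage_main', ['Manager', 'Authenticated']),
]

FIXED_NAMES = ('manage', 'manage_main')


def compare_checks(requests=SAMPLE_REQUESTS):
    """Return the PATH_INFO values that the fixed two-name check allows
    but the prefix check redirects, i.e. the ZMI screens the narrower
    rule leaves open to non-Managers."""
    leaked = []
    for path_info, roles in requests:
        fixed = zmi_access_decision(path_info, roles, names=FIXED_NAMES)
        prefix = zmi_access_decision(path_info, roles)
        if fixed == 'allow' and prefix == 'redirect':
            leaked.append(path_info)
    return leaked


if __name__ == '__main__':
    for path_info, roles in SAMPLE_REQUESTS:
        print('%-42s %-26s fixed=%-9s prefix=%s' % (
            path_info, roles,
            zmi_access_decision(path_info, roles, names=FIXED_NAMES),
            zmi_access_decision(path_info, roles)))
    print('missed by the two-name check:', compare_checks())
```

Running it shows manage_workspace and manage_propertiesForm slipping past the
two-name check while the prefix check redirects them; a Manager requesting
manage_main is allowed by both, and a plain page such as index_html is never
touched.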

Explanation:
I think in most production systems you would control this at the proxy level,
with URL rewriting. You wouldn't allow /manage or /manage_main to be used. But
some people are finding ZServer works just fine for them. This recipe is
mainly for them.

