In each generated list/add/edit method, when the option
to generate headers/footers is on, the result includes the security check.
What do I mean by security check?
Security scripts return 1 when you grant access and 0 when you don't.
When the script returns 0, the generated method displays denied_method.
You can group users by Zope role or by your own groups.
I chose to assign the Zope role Users
to all my Intranet users
and to make them members of some groups taken from an SQL table.
All users with the role Users can then view objects, but the security script
returns 1 only for users who are members of certain groups.
How does this work?
In SQL I have a table groups with fields: groupid, groupname
The validation script you choose here looks like this:

    if context.scr.ismember("IT"):
        return 1
    else:
        return 0

ismember is another Python Script, located in the scr folder,
which looks like this:
Parameter List : groups
Body:

    # check if the current user is a member of any of the given groups
    user = context.REQUEST.AUTHENTICATED_USER.getUserName()
    gr = ["Everyone"]
    # SQL is a generic ZSQL Method with q as parameter and <dtml-var q> as body.
    # Note: the user name is concatenated into the SQL text without quoting;
    # a ZSQL Method that takes the user name as its own argument and renders
    # it with <dtml-sqlvar> lets Zope quote the value instead.
    for i in context.SQL(q="select * from users where username='" + user + "'"):
        gr = ("All,Everyone," + i.groups).split(",")
        break
    flag = 0  # assume the user is not a member
    for i in groups.split(","):
        if i in gr:
            flag = 1  # user is a member
            break
    return int(flag)  # paranoia: always return an integer
You may call ismember with: if context.scr.ismember("IT,Editors,Security,Board") ...
to check whether the current (authenticated) user is a member of IT, or a member of Editors, and so on.
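The same membership check with the user name passed as a bound parameter instead of being concatenated into the query text, as an added example that is not part of the original page. Assumptions: sqlite3 stands in for the ZSQL Method, the users(username, groups) layout is inferred from the query in ismember, the rows are constructed sample data, and fetch_concat keeps the string-built query only to show that a name containing a quote breaks it.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the Intranet database (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute('CREATE TABLE users (username TEXT, "groups" TEXT)')
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("alice", "IT,Editors"),
        ("bob", "Board"),
        ("o'brien", "Security"),   # legitimate name containing a quote
    ])
    return db

def fetch_concat(db, user):
    # Query text built by concatenation, as in the page's ismember script.
    return db.execute(
        "SELECT \"groups\" FROM users WHERE username='" + user + "'").fetchone()

def fetch_bound(db, user):
    # The user name travels as a bound parameter and is never parsed as SQL.
    return db.execute(
        'SELECT "groups" FROM users WHERE username = ?', (user,)).fetchone()

def ismember(db, user, groups, fetch=fetch_bound):
    """Return 1 if user belongs to any of the comma-separated groups, else 0."""
    mine = ["Everyone"]                      # default for users with no row
    row = fetch(db, user)
    if row:
        stored = [g.strip() for g in (row[0] or "").split(",")]
        mine = ["All", "Everyone"] + [g for g in stored if g]
    wanted = [g.strip() for g in groups.split(",")]
    return int(any(g and g in mine for g in wanted))

if __name__ == "__main__":
    db = make_db()
    for user, groups in [("alice", "IT"), ("bob", "IT,Editors"),
                         ("o'brien", "Security"), ("nobody", "All")]:
        print(user, groups, ismember(db, user, groups))
    try:
        ismember(db, "o'brien", "Security", fetch=fetch_concat)
    except sqlite3.OperationalError as exc:
        print("concatenated query failed:", exc)
```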
Denied_method is just a DTML Method which contains:
<h1>Sorry! Access denied.</h1>
Or it may contain complex Python scripts which log unauthorised accesses...
Don't include <dtml-var standard_html_header> or <dtml-var standard_html_footer> in this method.