Hi everyone, I'm in charge of a massive revision in our web service's login system.
I'll try to be concise.
We want to create a login system that takes some kind of "tags" from the user and, with those in mind, decides which objects the user can see and interact with. Every object has the same tags and we use them for searching and filtering through the massive amount of content on our websites. Here's an example with some pseudocode to help you understand what I'm trying to do:
@p3dar You can assign dynamic roles to users depending on arbitrary attributes of the context, the request or the user using an adapter ILocalRoleProvider.
Here is an example that checks values in fields of the context to grant local roles:
```python
from borg.localrole.interfaces import ILocalRoleProvider
from my.package.behaviors.team import ITeam
from zope.component import adapter
from zope.interface import implementer


@implementer(ILocalRoleProvider)
@adapter(ITeam)
class LocalRoles(object):
    """Provide a local role manager for projects"""

    def __init__(self, context):
        self.context = context

    def getAllRoles(self):
        # Yield (principal_id, roles) for every principal named on the context.
        # "or []" guards against unset fields, matching getRoles() below.
        for author_id in (self.context.authors or []):
            yield (author_id, ("Editor", "Contributor"))
        for manager_id in (self.context.managers or []):
            yield (manager_id, ("Manager", "Editor", "Contributor"))

    def getRoles(self, principal_id):
        # Roles granted to one principal on this context only.
        roles = set()
        if principal_id in (self.context.authors or []):
            roles.add("Editor")
            roles.add("Contributor")
        if principal_id in (self.context.managers or []):
            roles.add("Editor")
            roles.add("Manager")
            roles.add("Contributor")
        return roles
```
Registered in zcml as <adapter factory=".localroles.LocalRoles" />
Thanks for your advice, I really appreciate it, but we tried this kind of approach and it ended with too many groups. I think the best solution must be more "dynamic"!
Slightly off topic, but if your question is not about 'security', but just a practical way of ordering / accessing / finding content, you could make views with conditions.
So, if a typical view (now) is
Find all items of type 'Person'
Show image, Name and Eye color of each person
You could change this to (see also 'below')
Define which criteria to search for (depending on 'the logged in user')
Find all items of type Person with these criteria
Show image, Name and Eye color of each
An approach could be to make an index (and indexer) and add the users that can access (view?) (each) item to it.
(For example) you could then add that field to the search terms (with plone.app.querystring.operation.string.currentUser ).
A little similar to how 'Creator' -> Current logged in user works in Collections.
Not sure how fast this approach would be, but at least it should be very fast to make. You should probably be able to use the indexed field in combination with collective collectionfilter (or similar)
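A plain-Python model of the index idea from the last reply, added here as an illustration; it is not code from any poster in this thread and does not use the Plone catalog API. `TagCatalog`, `allowed_tags` and the sample items are hypothetical names and constructed data. The search always intersects the query with the current user's tags, and the same check guards direct access, because a filtered listing alone does not stop someone from opening an item by its id.

```python
from collections import defaultdict


class TagCatalog:
    """Toy inverted index; 'allowed_tags' plays the role of the access index."""

    def __init__(self):
        self._items = {}                  # item id -> metadata
        self._by_type = defaultdict(set)  # portal_type -> item ids
        self._by_tag = defaultdict(set)   # allowed tag -> item ids

    def index(self, item_id, portal_type, allowed_tags, **metadata):
        self._items[item_id] = dict(metadata, portal_type=portal_type,
                                    allowed_tags=frozenset(allowed_tags))
        self._by_type[portal_type].add(item_id)
        for tag in allowed_tags:
            self._by_tag[tag].add(item_id)

    def can_view(self, item_id, user_tags):
        """Per-object check: the user needs at least one of the item's tags."""
        item = self._items.get(item_id)
        return item is not None and bool(item["allowed_tags"] & set(user_tags))

    def search(self, portal_type, user_tags):
        """The caller never supplies the access filter; it is always applied."""
        visible = set()
        for tag in user_tags:
            visible |= self._by_tag.get(tag, set())
        return sorted(visible & self._by_type.get(portal_type, set()))

    def fetch(self, item_id, user_tags):
        """Direct access by id goes through the same check as the listing."""
        if not self.can_view(item_id, user_tags):
            raise PermissionError(item_id)
        return self._items[item_id]


def build_sample():
    # Constructed sample data, for illustration only.
    catalog = TagCatalog()
    catalog.index("anna", "Person", {"sales", "emea"}, eye_color="green")
    catalog.index("bob", "Person", {"research"}, eye_color="brown")
    catalog.index("q3-report", "Document", {"sales"})
    return catalog
```
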