This is a "HotFix" type of product that enhances Zopes access control with local role "blacklists" and workgroups. It enables you to block out users local roles assignment so they won't propagate further down the folder hierarchy, and also to define groups in the acl_user folders and assign these groups locally.
I developed this from the current trunk, so it's some type of confused beta of 2.5.1. :-) But it doesn't use anything very strange, and should work on 2.5.x. In fact, it should probably work on anything after 2.2, assuming it works at all, that is.
This software is developed as "proof of concept". The user interface is ugly, the code uglier and I don't really expect it to work in real life situations. So there.
Local roles blacklists
You can block out the inheritance of a role. This way a user may have manager rights at the root level, but only anonymous rights at subfolders, enabling you to have a manager for the global website that does not have manager rights at the country websites, as an example.
It does not block out the global roles.
This lets you define groups of users in the acl_users folder. You also assign what roles the user should have withing that group. By then making groups active at differen folders and objects, the users will get these groups as if they were added as local roles users at the folder/object.
This part is highly experminetal. This is basically just a "proof of concept" implementation, to show that it's possible, and to show how it's done and how useful it is. Showing is easier than explaining. :-)
|workgroups_0_2.zip (11 K)||All|