Account Services

I have

Security Principles

Several types of user roles are foreseen:

Anonymous visitor
The visitor can browse released reports and download those files that have unlimited access.
A reporter, who creates the actual reports. A reporter can release an envelope to the public. The public must be confident that they are not downloading an incomplete report, so a release/-revocation is logged in the activity log. The reporter is responsible for identifying files with limited access before releasing the envelope. Once a report is released, it is no longer possible to upload files. If a mistake is found then the release-status can be revoked.
Clients can see documents where the access is limited - but only in released envelopes.
The auditor can view unreleased envelopes.
And then there still is the Zope Manager, who can fix everything if/when the security paradigme doesn't cut it.

A user can be one, more or all of these roles at the same time.

Additionally, a user can only delete objects he himself have created. And in the case of files, only if the envelope is not released.


There are six permissions: