Configuring Zope
================

Make a symbolic link to the example product directory from within the
appropriate Zope instance's Products directory:

cd Zope/instances/Products
ln -s /home/paulb/Software/Python/WebStack/examples/Zope/SimpleProduct

Or copy the example product directory into the Zope instance's Products
directory:

cp -R /home/paulb/Software/Python/WebStack/examples/Zope/SimpleProduct Zope/instances/Products/

Then configure the etc/zope.conf file to add details of the example
application and the WebStack package. In the appropriate section, add the
following directives (adjusted for the exact configuration):

path /home/paulb/Software/Python/WebStack
path /home/paulb/Software/Python/WebStack/examples/Common

Upon starting or restarting Zope, add the example product using the management
interface (e.g. add "Simple product" as "test") and then visit the anticipated
URL; for example:

http://localhost:8080/test

Authentication/Authorisation in Zope
====================================

Like mod_python (and Apache), Zope prevents application-level control over
HTTP Basic authentication. However, the authenticator approach can still be
used to control access to resources. When the Auth example is deployed in a
normal "public" folder in a Zope instance, supplying the desired username
together with any password is enough to satisfy the elementary security check,
because the password is not validated in that case. However, should the Auth
example be deployed in a folder with its own access controls, all access to
the application must first pass the Zope security checks (which properly
authenticate the user by validating the user's password) before being
validated by the elementary security check performed in the AuthAuthenticator
class.

To set up such a protected folder, do the following in the Zope management
interface:

  * Choose "Folder" in the menu of objects to add.
  * Enter an "Id" and "Title", select "Create user folder", then choose "Add".
  * Choose the new folder.
  * Choose the "Security" tab, and change the "View" permission so that only
    authenticated users have access.
  * Add appropriate users to the "acl_users" folder inside the new folder.
  * Add WebStack resources to the new folder.
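
The difference between the public and the protected deployment can be modelled
in a few lines. This is an added example, not code from WebStack or Zope: the
function names, the user "badger" and the password are constructed, and
zope_layer() only stands in for the folder's "View" permission check.

```python
import base64
import hashlib
import hmac

SALT = b"constructed-salt"               # constructed value for this example

def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed stand-in for the users held in the protected folder's acl_users.
ACL_USERS = {"badger": kdf("correct horse")}

def parse_basic(header):
    """Return (user, password) from an Authorization header, or None."""
    scheme, _, token = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except ValueError:                   # bad base64 or bad UTF-8
        return None
    user, sep, password = decoded.partition(":")
    return (user, password) if sep else None

def zope_layer(creds, protected):
    """Model of the folder's security check: it validates the password."""
    if not protected:
        return True                      # public folder: nothing is validated
    if creds is None:
        return False
    user, password = creds
    return hmac.compare_digest(ACL_USERS.get(user, b""), kdf(password))

def elementary_check(creds, wanted="badger"):
    """Model of the application's check: it looks at the user name only."""
    return creds is not None and creds[0] == wanted

def access_granted(header, protected):
    creds = parse_basic(header)
    return zope_layer(creds, protected) and elementary_check(creds)

def basic(user, password):
    """Build an Authorization header value for the sample requests."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

if __name__ == "__main__":
    for protected in (False, True):
        for pw in ("wrong", "correct horse"):
            print(protected, pw, access_granted(basic("badger", pw), protected))
```

In the public case the wrong password is accepted; in the protected case it is
rejected before the elementary check is reached.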
