[Tutor] Re: "Generic" GetUser

[Derrick 'dman' Hudson]

--K8nIJk4ghYZn606h
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jun 25, 2002 at 05:02:19PM -0600, Colin Campbell wrote:
=20
| I have an Excel workbook containing many tabs of financial reports. An=20
| autorun macro looks up the user login in a table and hides the sheets the=
y=20
| are not allowed to see. There are 2 obvious problems: I can't guarantee=
=20
| that the macro is run, and since it makes and API call to Windows, my Mac=
=20
| users are doomed.

Yep.
=20
| I have found the win32wnet.WNetGetUser() in ActivePython, so that I don't=
=20
| have to trust users to enable macros. This in turn means that my next tri=
ck=20
| is to write a Python front end which handles the security, perhaps even b=
y=20
| copying the allowed sheets into a temporary workbook or even creating HTM=
L,=20
| depending on the level of my ambition.

What I would suggest is not giving the users data they aren't supposed
to have in the first place.  Once you've given them the data, there is
no robust way to prevent them from "having" it.

A better system would be to store all the accounting information where
the accounting folks can get to it.  From that complete source, you
can generate the reports that the users are allowed to see.  The only
remaining issue to decide is how to distribute the resultant reports. =20

Where I work we are presently transitioning from MUMPS to Solomon IV
as the accounting package.  The other admin already has a collection
of tools (Crystal Reports and some php/perl scripts) to generate CSV
and HTML versions of each person's individual financial reports.  I
created a zope interface backed by postgresql for users to access
their reports through a web browser.  Some people, depending on their
position, are allowed to view other peoples' reports.  This is all
managed by some ACLs (Access Control Lists) in the postgres database.
The zope front-end requires password-based authentication and then
dynamically builds an index of all the reports that user is allowed to
view.  The user can then select a report to retrieve it in either HTML
or CSV form.

Some of the advantages of handling it this way are :
    1)  all the code runs on one chosen platform and can be tested
    2)  users don't need to learn anything new -- they already know
        how to use a web browser
    3)  the data is all kept on a server, not distributed around
        (except as allowed by the ACLs)
    4)  providing the CSV format of the data allows a user to import
        it into excel or whatever other program they want to, if they
        want to
    5)  each report only has one copy stored in the database
        regardless of how many users are allowed to view it
=20
| My question is this: is there a more generic method or property that is=
=20
| available across all platforms/python implementations, which will return=
=20
| the network login of the person running the program?

No.  UNIX, Windows, and Mac are all different in how they handle
users.  MacOS (prior to X) didn't even have "users" -- it was a
single-user desktop system.

HTH,
-D

--=20

Emacs is a nice operating system, it lacks a decent editor though
=20
http://dman.ddts.net/~dman/


--K8nIJk4ghYZn606h
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iEYEARECAAYFAj0ZtLMACgkQO8l8XBKTpRTFPACgtLUkPsspu3O1Lnr+eyWFhbwd
7zcAoKjt1Lo56LiCmJQBG4ciaDQ7v+5H
=7j1d
-----END PGP SIGNATURE-----

--K8nIJk4ghYZn606h--