[Zope-CMF] allowedContentTypes - security settings

marc lindahl marc@bowery.com
Fri, 24 Aug 2001 02:15:48 -0400 

I think they fixed this another way in 1.1... according to the readme:

  - Extended 'folder_factories' to filter type objects using
    'isConstructionAllowed' in 'PortalFolder.allowedContentTypes'
    (Tracker #249).

Should do it?

> From: "Frank McGeough" <fm@synchrologic.com>
> Date: Fri, 17 Aug 2001 15:49:02 -0400
> To: "marc lindahl" <marc@bowery.com>
> Subject: Re: [Zope-CMF] allowedContentTypes - security settings
> 
> skip_unauthorized is not in folder_factories.dtml.
> I guess it should be like this :
> 
> <dtml-in allowedContentTypes skip_unauthorized>
> 
> instead of
> 
> <dtml-in allowedContentTypes>
> 
> is that correct?
> 
> ----- Original Message -----
> From: "marc lindahl" <marc@bowery.com>
> To: "Frank McGeough" <fm@synchrologic.com>; "Zope-Cmf" <zope-cmf@zope.org>
> Sent: Friday, August 17, 2001 2:10 PM
> Subject: Re: [Zope-CMF] allowedContentTypes - security settings
> 
> 
>> Hmmm... I think I submitted that to the Tracker a while ago...
>> folder_factories should have skip_unauthorized in the list?
>> 
>>> From: "Frank McGeough" <fm@synchrologic.com>
>>> Date: Fri, 17 Aug 2001 12:38:51 -0400
>>> To: "Zope-Cmf" <zope-cmf@zope.org>
>>> Subject: Re: [Zope-CMF] allowedContentTypes - security settings
>>> 
>>> Unfortunately modifying the security setting to disallow certain roles
>>> yields a login box and ultimately :
>>> 
>>> (Object: allowedContentTypes)
>>> Unauthorized: 2
>>> 
>>> 
>>> ----- Original Message -----
>>> From: "marc lindahl" <marc@bowery.com>
>>> To: "Frank McGeough" <fm@synchrologic.com>; "Zope-Cmf"
> <zope-cmf@zope.org>
>>> Sent: Friday, August 17, 2001 11:32 AM
>>> Subject: Re: [Zope-CMF] allowedContentTypes
>>> 
>>> 
>>>> 
>>>> 
>>>>> From: "Frank McGeough" <fm@synchrologic.com>
>>>>>> 
>>>>> The portalTypes folder has Actions and those look like they are tied
>>> into
>>>>> the code above --- but I'm unclear what to do with these in order to
>>> disable
>>>>> a type. Do I simply delete the type? What if I wanted only certain
> users
>>> to
>>>>> be able to add files?
>>>> 
>>>> You could modify the security settings in the portal_types type... try
>>>> turning off 'inherit' for 'access contents type' and turning on only
> the
>>>> roles you want to access the type.
>>> 
>>> 
>>> _______________________________________________
>>> Zope-CMF maillist  -  Zope-CMF@zope.org
>>> http://lists.zope.org/mailman/listinfo/zope-cmf
>>> 
>>> See http://www.zope.org/Products/PTK/Tracker for bug reports and feature
>>> requests