[Zope-CMF] CMF and Permissions?

Dieter Maurer dieter@handshake.de
Thu, 29 Nov 2001 23:36:34 +0100


alan runyan writes:
 > I am trying to restrict anonymous view of my intranet (root of my CMF site)
 > while allow anonymous views to my public website (a subfolder in my CMF
 > site).  Zope is not liking what I'm doing.  I think its because of the
 > traversing and how CMF munges it maybe.  I would appreciate any help.
 > 
 > / Root
 > --/client_portal (CMF instance, Anonymous should not be able to View)
 >    --/client_public_website (Portal Folder that contains content, Anonymous
 > should be able to View)
 > 
 > intranet.client.com is virtual hosted to /client_portal
 > www.client.com is virtual hosted to /client_portal/client_public_website
 > 
 > in client_portal I have uncheck 'acquire' permissions on View and not
 > allowed Anonymous to view
 > on client_public_website I have unchecked 'acquire' on View and allowed
 > Anonymous and everyone else
 > 
 > if you goto www.client.com it horks trying to redirect you to /loginform
 > (this is CookieCrumbler) doing this.
Disable the CookieCrumber.
You will then get the browsers login dialog. Abort the login.
You will get a traceback that gives you hints what need to be
accessed and cannot be.

I expect, your request tries to use general portal infrastructure
above your subsite. As you probably understand, acquisition should
not be able to expose objects that a user can not access directly...


Dieter