[Zope-CMF] Struggling with CMF 1.1 security for non-Manager roles
Ian & Geri Clatworthy
iangeri@bigpond.com
Fri, 26 Oct 2001 00:23:52 +1000
I thought I understood CMF security and things worked as I
expected in CMF 1.0. However, upgrading to CMF 1.1 broke
things and after trying to fix this issue on and off for several
weeks, I'm hoping for some guru advice ...
If I create a 1.1 CMF Portal under Zope 2.3.2 ,
add a Document and add the following index_html to the
custom folder under portal_skins, it forces me to login even
if a grant *every* security setting to Anonymous!
<dtml-var standard_html_header>
<dtml-in "objectValues('Document')">
<dtml-var id><br>
</dtml-in>
<dtml-var standard_html_footer>
However, I can add a DTML Document using the ZMI
and change the objectValues filter and I get the id displayed
as expected. I've been over the Python code for all the spots
in the CMF which look potentially guilty and I can't see
why 'id' (or title_or_id, icon, type and heaps of other things
I've tried) *require* a logon regardless of permissions granted.
Am I missing something or is this a bug?
Ian C.