[Zope] Restricting access to Confera

ryon@altavista.net ryon@altavista.net
Tue, 13 Jun 2000 01:09:58 -0400 (EDT)


I'm confused about the way Zope restricts access to products such as Confera.

I think I know about adding users, and setting their roles, and setting permissions on objects.  Acquisitional Zen escapes me, but I suppose I know enough of it to get along.  Unfortunately, when I put this all into practice, things don't work the way I think they should! 

I'm just trying to do simple stuff here.  Let's say we have a Zope website on sailing.  It has a public section which everyone is invited to view, and a section we wish to restrict just to sailboat captains.  The default works well for the public pages, but we have to do some special things in order to make the restricted stuff restricted.  So we create a role of "captain".  In the acl_users folder for the pages we want to restrict, we add the user "Blackbeard" and give him a captain role.  In the to-be-restricted folder, under the security tab, we check the "Access contents information", "Can Login and Logout", and "View" roles under "captain", then tediously uncheck all of the "Acquire permission settings".  Things are just fine so far, I think.  Blackbeard can get in, and everyone else is kept out.

The problem is when we want to add a product like Confera, and only let Blackbeard and his captain buddies use it.  There is apparently something very different about the way Zope handles products.  Obviously, there are several more permissions that need to be checked due to the added functionality, such as "Add Confera Topics" etc., but regardless of how many permissions I check under the captain role, Zope+Confera will not let Blackbeard or the other captains in!

What am I missing here?




----------------------------------------------------------------
Get your free email from AltaVista at http://altavista.iname.com