[Zope] acl_users and differing behaviour with Netscape/IE

Alexander Limi alexander@limi.net
Wed, 15 Mar 2000 18:25:25 +0100


Hi.

In our development, we stumbled over some behaviour that caused us quite a
headache for a while. We managed to find a less than elegant solution, but
it works for now.

The case is this:

We have the following structure (greatly simplified :)

 rootfolder
  |
  |-images
  |
  |-artists
  |  |
  |  |-acl_users
  |  |
  |  |-Artist1
  |  |-Artist2
  |  |-...etc


As you can see, we have separated the "acl_users"-folder belonging to each
of our artists into the "artists"-hierarchy. All images we use are located
in "images", under the root folder.

The problem appeared when we used DTML similar to the following inside the
artists-folder:

<dtml-with images>
  <dtml-var picture>
</dtml-with>

In IE, this would work just fine; Zope got the "picture" object from the
"images" folder and displayed it - no problem. But with Netscape and
Mozilla, we got authentication problems. It seemed as though Netscape
insists on sending the authentication request no matter what, and is
actually denied access to material that can be read by anybody (i.e. the
objects in our "images" folder).

As far as we can see, this is a result of us having an extra "acl_users"
folder in the "artists" folder. Thus the logged-in artist is not a user in
the root hierarchy, but only from "artists" and further into the tree.

We've solved this problem temporarily by putting duplicates of the images in
the "artists" folder.

My questions are thus:

1. Should we move the "acl_users" folder to our root folder? If possible, we
would prefer separating the artist users into their own folder, to avoid
clutter. But they should be able to access the rest of the site, like any
anonymous user.

2. Is this a problem with the way Zope authenticates users? Shouldn't users
that don't authenticate correctly at least have access to the content
readable by anonymous users? Or have I done something terribly wrong? :)

You see, we plan on having a "listeners" folder too, where we are going to
store individual listeners' preferences (what artists they want to be
notified of, what music categories they prefer, etc) - and I assume we will
run into the same problems here - users being authenticated only in the
"listeners" folder and below. They should be able to browse the normal web,
however, and add artists to their notify-list. Does this acl_users have to
be in the root user folder too?

Please CC me, as I don't have access to the list at the moment.

Regards,


Alexander Limi.
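
Added example, not part of the original message and not Zope's own code: a simplified model of the behaviour described above, where credentials valid only in a nested "acl_users" are sent with a request for a public object outside that folder. The user name, password, helper names and the `anonymous_fallback` switch (the policy asked about in question 2) are assumptions made for illustration.

```python
import base64
import hmac

# Constructed sample site mirroring the layout in the message.
USER_FOLDERS = {"/artists": {"artist1": "s3cret"}}  # no users defined at "/"
PUBLIC_PATHS = ("/images",)                         # viewable by Anonymous

def basic_header(name, password):
    """Build the Authorization header a browser sends for HTTP Basic auth."""
    return "Basic " + base64.b64encode(f"{name}:{password}".encode()).decode()

def parse_basic(header):
    """Return (name, password) from a Basic header, or None if absent/bad."""
    if not header or not header.startswith("Basic "):
        return None
    try:
        name, _, password = base64.b64decode(header[6:]).decode().partition(":")
    except ValueError:
        return None
    return name, password

def find_user(path, creds):
    """Walk from the requested path up to the root, asking each user folder."""
    parts = path.strip("/").split("/")
    for depth in range(len(parts), -1, -1):
        stored = USER_FOLDERS.get("/" + "/".join(parts[:depth]), {}).get(creds[0])
        if stored is not None and hmac.compare_digest(stored.encode(), creds[1].encode()):
            return creds[0]
    return None

def is_public(path):
    return any(path == p or path.startswith(p + "/") for p in PUBLIC_PATHS)

def authorize(path, auth_header=None, anonymous_fallback=False):
    """Return the HTTP status this model gives for a request to `path`."""
    creds = parse_basic(auth_header)
    if creds is None:                      # no credentials sent at all
        return 200 if is_public(path) else 401
    if find_user(path, creds):             # known to a user folder on the way up
        return 200
    # Credentials were sent, but no user folder above `path` knows them.
    return 200 if anonymous_fallback and is_public(path) else 401
```

In this model a request for /images/picture without an Authorization header succeeds, the same request carrying the artist's credentials is refused, and it succeeds again only when unknown credentials are allowed to fall back to anonymous access on public paths.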