[Zope] Urgent: acquisition and permissions question.
Tue, 19 Sep 2000 00:05:56 +0200 (CEST)
Gilles Lavaux writes:
> Maybe the answer is easy, but I can not find the solution:(and maybe I was
> completly wrong about permissions)
> I have a folder containing SQLs and methods:
> and a subfolder who has his access and view security setting disable for
> When anonymous access /project/index_html he see the page : that's good.
> 1)When anonymous access /project/protected/index_html he also see the page.
> Is it normal?? ( the index_html is of course only inside the /project )
> 2)If anonymous access /project/protected/some_method_with_sql and the result
> is empty, he see the result page!That's strange.
> But if the result is not empty, he get the authentication box : that's
> It's zope2.2.1
The security system does not use the full acquisition context but
only the containment. This is a security feature to prevent
a user with partial management rights in a subfolder to
affect permissions for objects outside its area.
I think (am not sure!) that in your case, the "protected" context
is not used as your objects are in fact outside "protected".