[Zope] acquisition, traversal, acl_users and security
Dylan Reinhardt
zope@dylanreinhardt.com
Fri, 28 Feb 2003 09:18:00 -0800
At 05:21 AM 2/28/2003, Tim Hicks wrote:
>The only downside I can see is that all users would be able
>to see the management screens. This may potentially reveal more
>information than is desirable (depending on what the management screens
>show of course).

One fairly easy hack would be to drop a specially named method in each root
folder that returns some string value. Let's call it
my_access_rights. Then secure that object with the set of privileges you
want to pertain to those able to manage folder contents. Put a different
one at each point where your access scheme changes.

With that in place, make sure each of your management screens does something
like:

    <dtml-call my_access_rights>

If it's not accessible (or isn't there at all) your user is probably trying
to play outside the sandbox. Luckily, the interface will kick out an error
instead of rendering. You'll probably want a special
standard_error_message for the control folder.

HTH,
Dylan
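
The guard-method check described in the message above, as an added example that is not part of the original post and is not Zope code: a simplified Python model of acquisition and role checks. The class and function names (Guard, Folder, render_management_screen, try_render) and the role names are hypothetical.

```python
# Simplified model of the guard-method pattern; this is not Zope's API.
class Unauthorized(Exception):
    pass

class Guard:
    """Stands in for my_access_rights: a method secured to a set of roles."""
    def __init__(self, allowed_roles):
        self.allowed_roles = frozenset(allowed_roles)

class Folder:
    def __init__(self, name, parent=None, guard=None):
        self.name, self.parent, self.guard = name, parent, guard

    def acquire_guard(self):
        """Walk up the containment chain, the way acquisition finds a name."""
        node = self
        while node is not None:
            if node.guard is not None:
                return node.guard          # nearest guard wins
            node = node.parent
        raise AttributeError("my_access_rights")

def render_management_screen(folder, user_roles):
    """Model of a screen that begins with <dtml-call my_access_rights>."""
    guard = folder.acquire_guard()         # not there at all -> error
    if not guard.allowed_roles & set(user_roles):
        raise Unauthorized(folder.name)    # there, but not accessible
    return "management screen for " + folder.name

def try_render(folder, user_roles):
    """Return the page, or the name of the error raised instead of rendering."""
    try:
        return render_management_screen(folder, user_roles)
    except (Unauthorized, AttributeError) as exc:
        return type(exc).__name__

# Constructed sample tree: the access scheme changes at 'hr'.
root = Folder("root", guard=Guard({"SiteManager"}))
sales = Folder("sales", parent=root)                    # acquires root's guard
hr = Folder("hr", parent=root, guard=Guard({"HRManager"}))
orphan = Folder("orphan")                               # no guard in its chain

if __name__ == "__main__":
    for f, roles in [(sales, ["SiteManager"]), (hr, ["SiteManager"]),
                     (hr, ["HRManager"]), (orphan, ["SiteManager"])]:
        print(f.name, roles, "->", try_render(f, roles))
```

In this model a folder without its own guard inherits the nearest one above it, so a separate guard is needed exactly where the access scheme changes.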