[Zope] Acquisition of the View permission

Caleb Land bokonon@rochester.rr.com
Tue, 4 Mar 2003 17:39:12 -0500

On Tue, Mar 04, 2003 at 04:34:01PM -0500, Caleb Land wrote:
> Hello,
> I am having trouble with folders and the view permission.  Say I have a layout
> like:
> Users +
>       |--index_html
>       |--caleb +
>       |        |--Folder 1
>       |
>       |--brian +
>                |--Folder 2
> Now, let's say that user 'caleb' owns the caleb folder, and user 'brian' owns
> the brian folder.  If I set Folder 1 to be View'ed by owner/manager and without
> acquisition, shouldn't someone logged in as 'brian' be forbidden to see:
> /Users/caleb/Folder 1/
> even if index_html is able to be View'ed by Anonymous? (because of the context
> it's being called from)

I just re-read the Zope Book chapter on security, and I think I know what's
wrong.  The index_html ZPT is executing with the permissions of the ZPT itself,

If that's the case, then what would be a good way to achieve my original goal?
(restricting access to an acquired source based on context (in this case

Caleb Land