[Zope] getting a list of users from ACL_USERS

Derek S. Wilson dwilson at abrazohealth.com
Fri Oct 10 14:48:08 EDT 2003

What exactly are "sufficient permissions" ?

Derek Wilson

-----Original Message-----
From: Dylan Reinhardt [mailto:zope at dylanreinhardt.com] 
Sent: Friday, October 10, 2003 11:27 AM
To: Derek S. Wilson
Cc: Zope user list
Subject: Re: [Zope] getting a list of users from ACL_USERS

On Fri, 2003-10-10 at 10:58, Derek S. Wilson wrote:

> But when I try it using a regular (non-manager/owner) it says:
> Error Type: Unauthorized
> Error Value: You are not allowed to access getUserNames in this 
> context
> When I use the site manager, it works fine...

It seems reasonable, by default, that you wouldn't want to allow just
*anyone* to examine your user folder.  :-)

Since you *want* non-default behavior, give this method a proxy role
that has sufficient permissions.  Once you've got that, you may want to
restrict access to this method, granting use of it only to authenticated
users, for example.



More information about the Zope mailing list