[Zope] Basic Security question
lists at elvix.com
Thu May 27 16:09:40 EDT 2004
On Thu, 27 May 2004 11:09:46 -0400 GMT
Jonathan Hobbs asked the Zope mailinglist about the following:
> I thought I understood permissions and roles, but...
> I have a folder ('Data') with the 'View' security role set to
> 'Authenticated', and 'Acquire Permissions' is NOT checked for 'View'.
> When, as an 'anonymous' user, I try to access an object within the 'Data'
> folder the security popup window (enter your name/password) is displayed.
> This works as I expected it to.
> I have created a dtml method called 'Display'. This test routine is
> hardcoded to display an object from the 'Data' folder. I have set the Proxy
> role for the Display method to "Authenticated". When, as an 'anonymous'
> user, I access the 'Display' method the security popup window appears?!
> Shouldn't the Proxy role assigned to the dtml method enable access to the
> object in the folder?
Is the 'Display'-method incidentally also located inside the Data
folder? If that is the case, anon is still not allowed to access it,
and proxy /no proxy will not matter.
Geir Bækholt · Interaction Architect · Plone Solutions
Development · Training · Support · http://www.plonesolutions.com
More information about the Zope