[Zope] Basic Security question

Geir Bækholt lists at elvix.com
Thu May 27 16:09:40 EDT 2004

On  Thu, 27 May 2004 11:09:46 -0400 GMT 
Jonathan Hobbs asked the Zope mailinglist about the following:
> I thought I understood permissions and roles, but...

> I have a folder ('Data') with the 'View' security role set to
> 'Authenticated', and 'Acquire Permissions' is NOT checked for 'View'.

> When, as an 'anonymous' user,  I try to access an object within the 'Data'
> folder the security popup window (enter your name/password) is displayed.
> This works as I expected it to.

> I have created a dtml method called 'Display'.  This test routine is
> hardcoded to display an object from the 'Data' folder.  I have set the Proxy
> role for the Display method to "Authenticated".  When, as an 'anonymous'
> user, I access the 'Display' method the security popup window appears?!
> Shouldn't the Proxy role assigned to the dtml method enable access to the
> object in the folder?

Is the 'Display'-method incidentally also located inside the Data
folder? If that is the case, anon is still not allowed to access it,
and proxy /no proxy will not matter.


 Geir Bækholt    ·   Interaction Architect   ·    Plone Solutions

 Development · Training · Support · http://www.plonesolutions.com

More information about the Zope mailing list