[Zope] Basic Security question
Jonathan Hobbs
hobbs at magma.ca
Thu May 27 16:15:06 EDT 2004
From: "Geir Bækholt" <lists at elvix.com>
> On Thu, 27 May 2004 11:09:46 -0400 GMT
> Jonathan Hobbs asked the Zope mailinglist about the following:
>
> > I thought I understood permissions and roles, but...
>
> > I have a folder ('Data') with the 'View' security role set to
> > 'Authenticated', and 'Acquire Permissions' is NOT checked for 'View'.
>
> > When, as an 'anonymous' user, I try to access an object within the 'Data'
> > folder the security popup window (enter your name/password) is displayed.
> > This works as I expected it to.
>
> > I have created a dtml method called 'Display'. This test routine is
> > hardcoded to display an object from the 'Data' folder. I have set the Proxy
> > role for the Display method to "Authenticated". When, as an 'anonymous'
> > user, I access the 'Display' method the security popup window appears?!
> > Shouldn't the Proxy role assigned to the dtml method enable access to the
> > object in the folder?
>
> Is the 'Display'-method incidentally also located inside the Data
> folder? If that is the case, anon is still not allowed to access it,
> and proxy /no proxy will not matter.
No, the 'Display' dtml method and the 'Data' folder are both objects in the
same, higher level folder, i.e.:

Folder A
 |
 |-- Display method
 |-- Data folder
      |
      |-- image file

where 'image file' is the object that 'Display' method is trying to access.