[Zope] limiting view access to acl_users

David bluepaul at earthlink.net
Fri Feb 24 14:25:38 EST 2006

gf wrote:

>I am relatively new to Zope and have a question regarding acl_user folders.
>I am trying to prevent 'view' access to an acl_users folder that I
>have created in a non-root area of my website.
>I have used the management interface Security tab to uncheck the
>'Acquire permission settings' for the 'View' Permission and have
>enabled View for the Manager role only.
>I have taken the same actions for my root acl_users folder as well.
>When I browse to http://mysite/myfolder/acl_users, I am presented with
>a view of the index_html file contained within myfolder, with the 
><dtml-var title_or_id> 'output' indicating that it is 'User Folder'.
>Why is acl_users making use of the container's index_html? Is there a
>way to limit even View access to this folder?

Thats normal zope acquisition.  When you access a folder with no 
viewable object it goes *up* in search of something to acquire and 
index_html is implied.  Authorization occurs when something is about to 
be published or accessed - not just typed in a URL.


More information about the Zope mailing list