[Zope] limiting view access to acl_users

gf gyromagnetic at gmail.com
Fri Feb 24 14:39:54 EST 2006

On 2/24/06, David <bluepaul at earthlink.net> wrote:
> gf wrote:
> >Hi,
> >I am relatively new to Zope and have a question regarding acl_user folders.
> >
> >I am trying to prevent 'view' access to an acl_users folder that I
> >have created in a non-root area of my website.
> >
> >I have used the management interface Security tab to uncheck the
> >'Acquire permission settings' for the 'View' Permission and have
> >enabled View for the Manager role only.
> >
> >I have taken the same actions for my root acl_users folder as well.
> >
> >When I browse to http://mysite/myfolder/acl_users, I am presented with
> >a view of the index_html file contained within myfolder, with the
> ><dtml-var title_or_id> 'output' indicating that it is 'User Folder'.
> >
> >Why is acl_users making use of the container's index_html? Is there a
> >way to limit even View access to this folder?
> >
> >Thanks.
> >
> >-g
> >
> >
> gf,
> Thats normal zope acquisition.  When you access a folder with no
> viewable object it goes *up* in search of something to acquire and
> index_html is implied.  Authorization occurs when something is about to
> be published or accessed - not just typed in a URL.
> David

Hi David,
I appreciate the clear explanation. That certainly makes sense.
Does that mean, then, that it is not really possible to limit view
access like I want without some 'extraordinary' measures? Is it
possible to have this particular folder type acquire some other object
instead of index_html? I suppose if I could redirect to another folder
that would be sufficient.



More information about the Zope mailing list