[Zope] VirtualHostMonster: access to all content in instance

Andrew Milton akm at theinternet.com.au
Fri Jul 4 09:33:03 EDT 2008


+-------[ Jonas Meurer ]----------------------
| Hey Andrew,
| 
| thanks for your fast reply.
| 
| On 04/07/2008 Andrew Milton wrote:
| > | Is this a known issue? I consider that as a quite serious bug, as both
| > | project1 and project3 might be private and should not be published over
| > | the globally available apache rewriterule.
| > 
| > Welcome to Acquisition 101.
| > 
| > This is known behaviour, and in fact for most of us *wanted* behaviour.
| > You will have to restructure your Zope to avoid this, or set appropriate
| > permissions and acl_users to avoid cross-contamination of the sites.
| 
| Oh, too bad ...
| 
| How to deal with that '*wanted* behaviour' if I do have several public
| projects on the same zope instance but don't want all of them being
| accessible through the domain of every other project? For example two
| competing projects/organisations might be hosted on one and the same
| zope instance, and for sure project 'red' would hate it to make project
| 'green' available through their domain via http://www.red.org/green.

You setup your folders with an acl_users (I assume they actually do have
one).

/projects/red/acl_users

/projects/green/acl_users

Set up "Green" role on green
Set up "Red" role on red

Uncheck 'Acquire' from the permissions.

Remove Red permissions on green
Remove Green permissions on red

Make sure each user in the relevant project folder has the right role
too.

Then red.org/green would go

/projects/red/green/

Assuming your username/password pair doesn't exist in both acl_users the
red will authenticate you and give you the 'red' role which won't allow
you to view the green folder.

-- 
Andrew Milton
akm at theinternet.com.au


More information about the Zope mailing list