3 Aug
2001
3 Aug
'01
6:48 p.m.
Hello Joachim, Joachim Werner writes:
Zope security had been strengthened to explicitly forbid access to objects outside the folder covered by the authenticating user folder.
That's good in terms of security. But also extremely limiting. My idea was that I'd be able to say
"All editors can edit stuff" and protect the corresponding methods with the "Edit stuff" permission. Then I'd assign the "Editor" role on a local basis, either using local roles or our Slave User Folder. The "local role" approach should work, the "slave user folder" not.
Dieter