Andre Schubert wrote:
Hi all,
i have a little security problem. let me explain.
root/ index_html foo/ acl_users/ bar/ Image
I have a image which could only be view by users with a role named foobar, these users are in acl_users. If i access the image through the web a must authenticate myself for the first time, after that everything works well. But if i want to access the Image via <dtml-var Image> from the index_html in the root-folder a got no access. After searching at Zope.org i tested with <dtml-var "restrictedTraverse('')"> but this doesnt works. How do i authenticate myself in foo if i access the folder via dtml.
Thanks as
P.S.: Sorry for my bad english
Hi Andre How about in index_html: <dtml-with foo/bar> <dtml-var image> </dtml-with> and give a proxy role to the method (however I would not give a proxy role to index_html but use a separate methode which then is called/included in index_html). (I think this question would fit better to the zope@zope.org mailing list than to this one ;-) Regards --- Flynt