"Brad Crittenden" <bac@ivc.com> wrote:
hello:
for my zope, the root directory is protected so that anonymous users have no permissions. in addition to root, two other users are defined and given the role 'internal'. one of the users has a username/password. the other allows access based upon IP range. this works as intended.
i now want to give anonymous users permission to access /subfolder/index_html. this dtml method accesses a database and uses LocalFS.
my first attempt to realize this was to assign the appropriate permissions to Anonymous for index_html. when this failed, i went to the /subfolder security and modified permissions there that seemed relevant. i tried many combinations until finally giving up and granting all available permissions to Anonymous at the /subfolder and /subfolder/index_html levels. so now, all permissions are checked for 'acquire' and for 'Anonymous'.
even this does not work! users attempting to access http://myzope/subfolder/index_html are greeted with an authentication dialog.
so, despite the fact that security seems to be a pretty simple concept i seem to be missing something fundamental.
any insight would be appreciated.
Chris Withers <chrisw@nipltd.com> replied:
> so, despite the fact that security seems to be a pretty simple concept i seem to be missing something fundamental.
Security is never a simple concept, especially in a system as complex as Zope.
Some decent documentation would help ;-)
The key to figuring this behavior out is understanding how ZPublisher maps a URL:

* Split the URI path into a sequence of names
* From the root, traverse each named object in order (allowing it to intercept the traversal, if it wants). Traversal requires at least minimal permissions on the traversed-through object.
* During traversal, allow the acquisition machinery to operate
* If the last item traversed to is callable, call it; otherwise, render it.

This works somewhat like permissions on a Unix directory: you have to have the executable bit set in order to traverse the directory, and the read bit set in order to list it.

Hope this helps!

Tres.
--
=========================================================
Tres Seaver tseaver@palladion.com 713-523-6582
Palladion Software http://www.palladion.com
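
The traversal rule described in the reply above, as an added example that is not part of the original thread and is not ZPublisher code. It is a toy model: the `Node` class, the `publish`, `build` and `try_publish` helpers, and the permission names `traverse` and `view` are all assumptions made for this sketch, and the object tree mirrors the setup in the question.

```python
# Toy model of the traversal rule from the reply; not ZPublisher's implementation.
# "traverse" and "view" are stand-in permission names chosen for this sketch.

class Unauthorized(Exception):
    pass

class Node:
    def __init__(self, name, parent=None, grants=None, acquire=True):
        self.name, self.parent = name, parent
        self.grants = grants or {}   # permission -> roles granted on this object
        self.acquire = acquire       # also inherit the parent's grants?
        self.children = {}
        if parent is not None:
            parent.children[name] = self

    def roles_for(self, permission):
        roles = set(self.grants.get(permission, ()))
        if self.acquire and self.parent is not None:
            roles |= self.parent.roles_for(permission)
        return roles

def publish(root, path, user_roles):
    """Resolve a URL path, checking every object passed through on the way."""
    obj = root
    for name in [n for n in path.split("/") if n]:
        # Passing through obj needs the minimal "traverse" permission on obj.
        if not user_roles & obj.roles_for("traverse"):
            raise Unauthorized(f"cannot traverse {obj.name!r}")
        obj = obj.children[name]
    if not user_roles & obj.roles_for("view"):
        raise Unauthorized(f"cannot view {obj.name!r}")
    return obj.name

def build(root_traverse_roles):
    """Constructed tree: locked-down root, subfolder fully open to Anonymous."""
    root = Node("root", acquire=False,
                grants={"traverse": set(root_traverse_roles), "view": {"internal"}})
    sub = Node("subfolder", root,
               grants={"traverse": {"Anonymous"}, "view": {"Anonymous"}})
    Node("index_html", sub, grants={"view": {"Anonymous"}})
    return root

def try_publish(root, path, user_roles):
    try:
        return publish(root, path, user_roles)
    except Unauthorized as exc:
        return f"Unauthorized: {exc}"
```

In this model the anonymous request is refused at the root before the grants on `/subfolder` are ever consulted, which matches the Unix-directory analogy: the "execute" bit on a parent is checked independently of anything set further down.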