At 05:21 AM 2/28/2003, Tim Hicks wrote:
The only downside I can see is that all users would be able to see the management screens. This may potentially reveal more information than is desirable (depending on what the management screens show of course).
One fairly easy hack would be to drop a specially named method in each root folder that returns some string value. Let's call it my_access_rights. Then secure that object with the set of privileges you want to pertain to those able to manage folder contents. Put a different one at each point where your access scheme changes. With that in place, make sure each of your management screens do something like: <dtml-call my_access_rights> If it's not accessible (or isn't there at all) your user is probably trying to play outside the sandbox. Luckily, the interface will kick out an error instead of rendering. You'll probably want a special standard_error_message for the control folder. HTH, Dylan