Am Mon, 2002-08-19 um 22.35 schrieb Dieter Maurer:
Andreas Kostyrka writes:
I've been trying to define a staff role, which is basically a Manager that can create/edit/delete 2 kinds of objects (OrderedFolder, Structured Document).
Now I'm getting a funny behaviour: My test user can access the "/manage" Frameset, but instead of the contents pane, the user gets the website rendered. This happens, when the user is not allowed to access any of the management tabs. Well, this cannot be, I've clicked ALL permissions on the Security Tab of the Root folder of this vhost. When I change the role back to manager, the user is able to see the management interface. When I change the role of the user to staff (which has all permissions), I see index_html. (If you have trouble to believe me, I can add an account for you ;) )
... Additionally it seems, that there are "Add Structured Document" permissions, but no "Change Structured Document" permission :( Then, you want to check by which permission the respective method is protected. Look at the source or use "DocFinder[EveryWhere]" with "ZopeSecurityPolicy=Python" (see mailing list archives for details). I'll look for it :)
Andreas