From: "Geir Bækholt" <lists@elvix.com>
On Thu, 27 May 2004 11:09:46 -0400 GMT Jonathan Hobbs asked the Zope mailinglist about the following:
I thought I understood permissions and roles, but...
I have a folder ('Data') with the 'View' security role set to 'Authenticated', and 'Acquire Permissions' is NOT checked for 'View'.
When, as an 'anonymous' user, I try to access an object within the 'Data' folder the security popup window (enter your name/password) is displayed. This works as I expected it to.
I have created a dtml method called 'Display'. This test routine is hardcoded to display an object from the 'Data' folder. I have set the Proxy role for the Display method to "Authenticated". When, as an 'anonymous' user, I access the 'Display' method the security popup window appears?! Shouldn't the Proxy role assigned to the dtml method enable access to the object in the folder?
Is the 'Display'-method incidentally also located inside the Data folder? If that is the case, anon is still not allowed to access it, and proxy /no proxy will not matter.
No, the 'Display' dtml method and the 'Data' folder are both objects in the same, higher level folder ie. Folder A | |-- Display method |-- Data folder | |-- image file where 'image file' is the object that 'Display' method is trying to access.