On Tue, Mar 04, 2003 at 04:34:01PM -0500, Caleb Land wrote:
Hello,
I am having trouble with folders and the view permission. Say I have a layout like:
Users + |--index_html |--caleb + | |--Folder 1 | |--brian + |--Folder 2
Now, let's say that user 'caleb' owns the caleb folder, and user 'brian' owns the brian folder. If I set Folder 1 to be View'ed by owner/manager and without acquisition, shouldn't someone logged in as 'brian' be forbidden to see:
/Users/caleb/Folder 1/
even if index_html is able to be View'ed by Anonymous? (because of the context it's being called from)
I just re-read the Zope Book chapter on security, and I think I know what's wrong. The index_html ZPT is executing with the permissions of the ZPT itself, right? If that's the case, then what would be a good way to achieve my original goal? (restricting access to an acquired source based on context (in this case index_html)) Sincerely, Caleb Land (bokonon@rochester.rr.com)