Tres Seaver wrote:
bruno modulix wrote:
Dieter, I didn't misunderstood your proposed solution. But some users exist in different CPMs with different roles in each CPM. So - unless I'm totally at lost with how Zope's security works - if User1 has role RoleWithMuchPrivileges in Cpm1 and role RoleWithFewPrivileges in Cpm2, he could gain RoleWithMuchPrivileges in Cpm2 just by using faked url cpm1/cpm2/whatever_he_should_not_access_here. Worse, anyone existing in any CPM could gain access to any other CPM just by faking url.
The Zope security machinery goes out of its way to prevent such an exploit:
Which one ? I have the case where authentication happens in the context, not containment, ie given two sibling folders fa and fb, each with it's own acl_user, if UserA exists in fa['acl_users'] and not in fb['acl_users'], then UserA is still authenticated in fb when accessing it thru fa/fb (while he is not when accessing fb directly).
essentially, it considers only "containment" acquisition when evaluating roles, etc.
I wasn't very sure about this. If I understand correctly, this means that authentication can come from an acl_user aquired by context (this is what I've experimented), but that roles/permission lookup will only happens in the containment hierarchy ? -- Bruno Desthuilliers Développeur bruno@modulix.org