31 May
2003
31 May
'03
5:33 p.m.
Andrew R. Halko wrote at 2003-5-31 10:38 -0400:
... domain auth mode ... How do you override this setting?
You cannot override it, but when the UserFolder works correctly, it should use this user only when its roles are sufficient for the current request. Otherwise, it should return None which results in an "Unauthorized" response (unless there is a UserFolder higher up which can authenticate the user with the required roles). The "sufficient" roles are determined (only) from the published object (i.e. the one located by traversal). Try to access an objects viewable only to (e.g.) "Manager" (e.g. "acl_users/manage_users"). You should get a login dialog (unless you have been logged in a "Manager"). Dieter