-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Withers wrote:
| Hi Dieter,
|
| Dieter Maurer wrote:
|
|> If I remember right, you used a template to verify
|> the behaviour you expect Zope to have.
|>
|> But a standard template tries to access its client
|> (in your setup the protected folder) to show its "title/id".
|> And this fails when the client does not grant "Access contents
|> information"
|> (in case "client" is a "Folder", as in your case).
|>
|> I suggest you try again with an "Image" object instead of
|> a template, or remove all references to "here" and "container"
|> in your (Page) Template.
|
|
| Apologies, both you and Bart Hubbard, who pointed out the same
| reasoning, are completely correct. This feels like a pretty horrible
| security hole to me :-(
|
| What do other people think?

This is *by design*, Chris: it allows for "customers who have customers"
to set up access to subsites, without requiring that users who can see
the subsite have *any* privileges at the layers above.

In Unixy terms, this is like making the parent directories "a+x" (they
can be traversed) without requiring that they be "a+r" (readable).

FWIW, Zope3 allows this choice to be pluggable, because traversal is
governed by view components, which are configured by default to check
access.

Tres.
- --
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCEz2WGqWXf00rNCgRAtxOAJ0SwRLFTE+SB2N8c8pr1CwCq2XCxgCfbgtd
tc2//3nDIqyF1+3OG7ReiAc=
=TDAe
-----END PGP SIGNATURE-----
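The behaviour the thread circles around, as an added illustration that is not part of the thread and not Zope's own code: a small Python model of the two different checks involved. URL traversal walks through the protected folder without consulting the folder's permissions and validates only the object finally reached, while a template expression such as `here/title` is an attribute access on the folder and needs "Access contents information" there. Everything except the two Zope permission names ("View", "Access contents information") is invented for this example: `Node`, `Template`, `publish`, `render_template` and the constructed site layout are assumptions, and the model deliberately ignores role acquisition so the effect stays visible.

```python
"""Simplified model of Zope 2 style traversal versus attribute access.

Example code written for this thread, not Zope's implementation. The class
and function names are invented; only the permission names are Zope's.
"""


class Forbidden(Exception):
    """Raised when a permission check on an object fails."""


class Node:
    """A content object. ``grants`` maps a permission name to the set of
    roles allowed to exercise that permission on this very object."""

    def __init__(self, name, title, grants, children=()):
        self.name = name
        self.title = title
        self.grants = grants
        self.parent = None
        self.children = {c.name: c for c in children}
        for child in children:
            child.parent = self


class Template(Node):
    """A page template; ``uses_here`` records whether it references
    ``here``/``container`` (the standard template shows here/title)."""

    def __init__(self, name, grants, uses_here):
        super().__init__(name, name, grants)
        self.uses_here = uses_here


def check(user_roles, obj, permission):
    """Local permission check (no acquisition from parents in this model)."""
    if not user_roles & obj.grants.get(permission, set()):
        raise Forbidden(f"{permission!r} denied on {obj.name!r}")


def publish(root, path, user_roles):
    """URL traversal: every intermediate folder is stepped through without a
    check (the a+x part); only the object finally reached is validated."""
    obj = root
    for name in filter(None, path.split("/")):
        obj = obj.children[name]
    check(user_roles, obj, "View")
    return obj


def render_template(template, user_roles):
    """Rendering here/title is an attribute access on the container, which
    requires "Access contents information" on it (the a+r part)."""
    if template.uses_here:
        check(user_roles, template.parent, "Access contents information")
        return f"<h1>{template.parent.title}</h1>"
    return "<h1>static content</h1>"


def build_site():
    """Constructed sample site: /protected grants nothing to the Subsite
    role, but the objects inside it grant View to Subsite."""
    manager_only = {"View": {"Manager"},
                    "Access contents information": {"Manager"}}
    subsite = {"View": {"Manager", "Subsite"},
               "Access contents information": {"Manager", "Subsite"}}
    protected = Node("protected", "Protected area", manager_only, children=[
        Node("image.gif", "Logo", subsite),
        Node("secret.txt", "Secret", manager_only),
        Template("standard.pt", subsite, uses_here=True),
        Template("plain.pt", subsite, uses_here=False),
    ])
    return Node("", "Root", {"View": {"Anonymous", "Subsite", "Manager"}},
                children=[protected])


def demo(user_roles=frozenset({"Subsite"})):
    """Run the four cases from the thread and return what each user sees."""
    root, results = build_site(), {}
    # Image inside the folder: reachable with no rights on /protected at all.
    results["image"] = publish(root, "/protected/image.gif", user_roles).title
    # Standard template: traversal succeeds, but here/title is refused.
    try:
        tmpl = publish(root, "/protected/standard.pt", user_roles)
        results["standard"] = render_template(tmpl, user_roles)
    except Forbidden as exc:
        results["standard"] = f"Forbidden: {exc}"
    # Template without here/container references renders normally.
    plain = publish(root, "/protected/plain.pt", user_roles)
    results["plain"] = render_template(plain, user_roles)
    # An object that grants nothing to Subsite is stopped at the object itself.
    try:
        publish(root, "/protected/secret.txt", user_roles)
        results["secret"] = "published"
    except Forbidden as exc:
        results["secret"] = f"Forbidden: {exc}"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:9s} {value}")
```

Run as a Subsite user, the image is served and the `plain.pt` template renders, while `standard.pt` traverses fine but fails on `here/title`, which is exactly Dieter's diagnosis; `secret.txt` is refused because the check that does happen is on the published object. Running `demo({"Manager"})` renders the standard template with the folder's title, showing that the "hole" is a property of where the check sits, not a missing check.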