Jake Latham wrote at 2004-1-16 13:45 -0700:
... We've got a Zope/Plone site where we want our customers to be able to log in, and be taken to their directory:
/Customers/ CustomerA/ CustomerB/ ... That much works fine. The problem is that we need to set up permissions so that the customers can only see their own directory, i.e. CustomerA cannot go poking around in CustomerB's folder, were they to type in the correct URL (or by mistake)
We've fiddled with various combinations of local roles and defining a new role - "Customer" to try and limit permissions, but we can't get it to work quite right. Perhaps we are not modifying the correct Permission? (We had been modifying the "view" permission).
Viewing is usually controlled by 2 permissions: "View" and "Access contents information". I expect, your customers should be able to do more than just view their own object... When you describe clearer what you did and in what way this did not work, we may help you better. -- Dieter