Tim Considine writes:
(1) I want to set the security properties of a sub-folder to relate to=20 a specific user. So I uncheck View for the anonymous user to "force" a=20 Zope login. But it doesn't appear to work. So I uncheck Access=20 Contents too - and it does seem to work.
What is the difference between these 2 permissions ? The basic Zope security machinery does not associate semantics with the permissions. It is up to the developer (and his sense for consistency and semantics) to choose properly named permissions.
I did not yet see a document that describes rules/guidelines on how permissions are used to protect Zope methods.
(2) Also I am struggling then to make Zope check the=20 AUTHENTICATED_USER against a property set for the folder which contains=20 the authorised user's initials (which are the same as login name). What is a property set?
I am trying to use a standard DTML method but set individual property=20 elements for each sub-folder. Is this OK as an approach ? Or is there=20 a better one ?
My DTML code is this ... but it's clearly wrong ! [User is name or=20 property element set for the folder.]
<dtml-if expr=3D"AUTHENTICATED_USER.getUserName()=3D=3DobjectValues('User= ')"> "objectValues(meta_type)" returns the contained objects of an ObjectManager (!) with meta type "meta_type". Never use "objectValues" for objects that are not ObjectManagers. They define a stupid and unusable "objectValues" method.
If your folder has a property called "User", then you would use: <dtml-if expr="AUTHENTICATED_USER.getUserName()=User"> If your "User" would not be a single user, but a list of users, the following would look promissing: <dtml-if expr="AUTHENTICATED_USER.getUserName() in User"> Good reading for people starting to learn Zope: the Zope Book (-> zope.org) and URL:http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html Dieter