Rik Hoekstra wrote:
(snip)
I have a folder
/
index_html
login/ index_html
userfolder/ user1
somethingelse/ stillsomethingelse/
Now calling a url like somethingelse/stillsomethingelse/login/ gives the index_html from login, as it should. But if I set security in the userfolder under login to a role associated with user1, acquisition will not work as (I) expected. User1 will authenticate against a straight url login/, but it will not against somethingelse/stillsomethingelse/login/. User1 _will_ authenticate if he is in a userfolder in /
This is a function of the Zope security model. A user is not allowed to access a protected resource outside of the containment hierarchy where there user is defined.
Does this mean that acquisition does not (always) work between objects that are on a same level
This is a feature of the security model, no acquisition.
(if this means something in the ZODB)?
Acquisition and ZODB are entirely independent. Jim -- Jim Fulton mailto:jim@digicool.com Technical Director (888) 344-4332 Python Powered! Digital Creations http://www.digicool.com http://www.python.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.