Debugging security settings in .metadata files
I have a set of files - page templates, python scripts, and zsql methods - that are set up as filesystem objects. I'm having trouble getting the security set the way I want it to be with the .metadata files. Here is the content of my .metadata files: --------------8<------------------------- [security] View = 0:Manager Access contents information = 0:Manager Access Contents Cnformation = 0:Manager -------------8<-------------------------- However, I can still access my content through an anonymous context. Can anyone give me some ideas about debugging my situation? Thanks! Zope 2.7.7-final, python 2.3.5, freebsd5 CMF 1.4.8 fm
Floyd May wrote:
I have a set of files - page templates, python scripts, and zsql methods - that are set up as filesystem objects. I'm having trouble getting the security set the way I want it to be with the .metadata files. Here is the content of my .metadata files: --------------8<------------------------- [security] View = 0:Manager Access contents information = 0:Manager Access Contents Cnformation = 0:Manager -------------8<--------------------------
However, I can still access my content through an anonymous context. Can anyone give me some ideas about debugging my situation? Thanks!
Zope 2.7.7-final, python 2.3.5, freebsd5 CMF 1.4.8
Looks okay to me, though I don't know what you're doing with the third line. Check what it looks like in the ZMI. This will tell you whether or not the problem is in getting the permissions set like you expect. --jcc -- "Building Websites with Plone" http://plonebook.packtpub.com/ Enfold Systems, LLC http://www.enfoldsystems.com
I don't know what you're doing with the third line... Me neither, typo.
Check what it looks like in the ZMI. This will tell you whether or not the problem is in getting the permissions set like you expect.
Filesystem objects don't have a security tab in the ZMI (or at least, these don't). Should one be there? fm On 10/27/05, J Cameron Cooper <zope-l@jcameroncooper.com> wrote:
Floyd May wrote:
I have a set of files - page templates, python scripts, and zsql methods - that are set up as filesystem objects. I'm having trouble getting the security set the way I want it to be with the .metadata files. Here is the content of my .metadata files: --------------8<------------------------- [security] View = 0:Manager Access contents information = 0:Manager Access Contents Cnformation = 0:Manager -------------8<--------------------------
However, I can still access my content through an anonymous context. Can anyone give me some ideas about debugging my situation? Thanks!
Zope 2.7.7-final, python 2.3.5, freebsd5 CMF 1.4.8
Looks okay to me, though I don't know what you're doing with the third line.
Check what it looks like in the ZMI. This will tell you whether or not the problem is in getting the permissions set like you expect.
--jcc -- "Building Websites with Plone" http://plonebook.packtpub.com/
Enfold Systems, LLC http://www.enfoldsystems.com
Floyd May wrote:
I don't know what you're doing with the third line...
Me neither, typo.
Check what it looks like in the ZMI. This will tell you whether or not the problem is in getting the permissions set like you expect.
Filesystem objects don't have a security tab in the ZMI (or at least, these don't). Should one be there?
Hm. Seems they don't. Customize it and look at the security tab of that. --jcc
On 10/27/05, J Cameron Cooper <zope-l@jcameroncooper.com> wrote:
Floyd May wrote:
I have a set of files - page templates, python scripts, and zsql methods - that are set up as filesystem objects. I'm having trouble getting the security set the way I want it to be with the .metadata files. Here is the content of my .metadata files: --------------8<------------------------- [security] View = 0:Manager Access contents information = 0:Manager Access Contents Cnformation = 0:Manager -------------8<--------------------------
However, I can still access my content through an anonymous context. Can anyone give me some ideas about debugging my situation? Thanks!
Zope 2.7.7-final, python 2.3.5, freebsd5 CMF 1.4.8
Looks okay to me, though I don't know what you're doing with the third line.
Check what it looks like in the ZMI. This will tell you whether or not the problem is in getting the permissions set like you expect.
--jcc -- "Building Websites with Plone" http://plonebook.packtpub.com/
Enfold Systems, LLC http://www.enfoldsystems.com
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- "Building Websites with Plone" http://plonebook.packtpub.com/ Enfold Systems, LLC http://www.enfoldsystems.com
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 J Cameron Cooper wrote:
Floyd May wrote:
I think Floyd is barking up the wrong tree: skins are not supposed to be the primary mechanism for protecting content. Rather, work out how to get the security settings right on the *content*, and the problem will solve itself. Workflow exists to solve primarily this problem. This qustion belongs on the zope-cmf list, BTW. Tres. - -- =================================================================== Tres Seaver +1 202-558-7113 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFDYVwa+gerLs4ltQ4RAuP4AJ43F3VKcFgzyrjhV7nQdp2chFgYfACfTPKA omVMDzN6drh3TfWKU8iBPtg= =L2Bt -----END PGP SIGNATURE-----
J Cameron Cooper wrote:
Filesystem objects don't have a security tab in the ZMI (or at least, these don't). Should one be there?
Hm. Seems they don't.
They don't have the tab, but the method is still there, do some url hacking ;-)
Customize it and look at the security tab of that.
Hmm, I wouldn't trust this not to change things in other interesting ways :-S Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
participants (4)
-
Chris Withers -
Floyd May -
J Cameron Cooper -
Tres Seaver