I have a 2 zwiki sites with site2 as a child of site1 I do this to inherit the look and feel of site1. Now site2 does not contain standard_wiki_header etc. Instead it inherits this from site1. This is good - and works. Infortunately this standard_wiki_header calls a python script object at the same level as itself (ie site1) Now briefly, site2 continued to work calling this method. I then played around with security settings to not allow annonymous access to either site, and also added extra users and roles to create greater security for site2. At this point site2 could not access the python script as before - even when logged on as superuser will all permisions. Help! _____________________________________________________________________ This e-mail is confidential and may be privileged. It may be read, copied and used only by the intended recipient. No communication sent by e-mail to or from Eutechnyx is intended to give rise to contractual or other legal liability, apart from liability which cannot be excluded under English law. This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre. www.eutechnyx.com Eutechnyx Limited. Registered in England No: 2172322
Andrew Perella writes:
I have a 2 zwiki sites with site2 as a child of site1 I do this to inherit the look and feel of site1.
Now site2 does not contain standard_wiki_header etc. Instead it inherits this from site1.
This is good - and works.
Infortunately this standard_wiki_header calls a python script object at the same level as itself (ie site1)
Now briefly, site2 continued to work calling this method.
I then played around with security settings to not allow annonymous access to either site, and also added extra users and roles to create greater security for site2.
At this point site2 could not access the python script as before - even when logged on as superuser will all permisions. Is your "superuser" a user defined in an "acl_users" inside "site2"?
Then, it cannot access objects outside "site2" unless they are accessible by "Anonymous". This is a feature, the Zope developers worked hard to get implemented.... Dieter
Thanks for your reply Dieter. Here is a bit more info. For site 1 I have 3 users: tuser - all access except zope admin stuff man - all access except zope admin stuff superuser - all access for site 2 I have another acl_users folder defining only man - all access except zope admin stuff superuser - all access Are you saying that the only way to get aquisition to work is if site1 is accessible by anonymous. If so can I create this hierarchy?: site0 (with anonymous access - but not really a site at all just uncluding all components needed by site1 and site2 such as dtml methods and python scripts etc) site1 (with access to tuser,manmsuperuser) site2 (with access to man and superuser) Thanks, Andrew
Is your "superuser" a user defined in an "acl_users" inside "site2"?
Then, it cannot access objects outside "site2" unless they are accessible by "Anonymous". This is a feature, the Zope developers worked hard to get implemented....
Dieter
_____________________________________________________________________ This e-mail is confidential and may be privileged. It may be read, copied and used only by the intended recipient. No communication sent by e-mail to or from Eutechnyx is intended to give rise to contractual or other legal liability, apart from liability which cannot be excluded under English law. This message has been checked for all known viruses by Star Internet delivered through the MessageLabs Virus Control Centre. www.eutechnyx.com Eutechnyx Limited. Registered in England No: 2172322
Andrew Perella writes:
Here is a bit more info.
For site 1 I have 3 users: tuser - all access except zope admin stuff man - all access except zope admin stuff superuser - all access
for site 2 I have another acl_users folder defining only man - all access except zope admin stuff superuser - all access
Are you saying that the only way to get aquisition to work is if site1 is accessible by anonymous. Acquisition will work perfectly, but Zope's security subsystem will not let you access the objects.
If so can I create this hierarchy?:
site0 (with anonymous access - but not really a site at all just uncluding all components needed by site1 and site2 such as dtml methods and python scripts etc) site1 (with access to tuser,manmsuperuser) site2 (with access to man and superuser) I would expect this...
Dieter
participants (2)
-
Andrew Perella -
Dieter Maurer