[Grok-dev] Grokwiki Security in Eggified Grok
Steve Schmechel
steveschmechel at yahoo.com
Sat Aug 18 01:00:47 EDT 2007
It used to be that editing securitypolicy.zcml and principals.zcml in
parts/instance/etc and adding "grok.define_permission" and
"grok.require" statements to the code, allowed one to require
authentication with proper permissions in order to edit pages.
Using current trunk code, it appears that the security directives go
into the buildout.cfg and are then copied into
parts/grokwiki/site.zcml. However, tese settings seem to have little
effect. (Even changing just the manager password that is built by
default.)
Instead of the app causing the browser to display a login/password
dialog when trying to edit, the browser is redirected to the admin
page, where a form-based login and password only responds to the
original grok/grok authentication.
Am I missing something simple? Has something changed due to the new
(much nicer) admin page? What is the proper way to apply security to
specific operations?
Thanks,
Steve
____________________________________________________________________________________
Yahoo! oneSearch: Finally, mobile search
that gives answers, not web links.
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC
More information about the Grok-dev
mailing list