[Zope-CMF] CMF and Permissions?
Dieter Maurer
dieter@handshake.de
Thu, 29 Nov 2001 23:36:34 +0100
alan runyan writes:
> I am trying to restrict anonymous view of my intranet (root of my CMF site)
> while allow anonymous views to my public website (a subfolder in my CMF
> site). Zope is not liking what I'm doing. I think its because of the
> traversing and how CMF munges it maybe. I would appreciate any help.
>
> / Root
> --/client_portal (CMF instance, Anonymous should not be able to View)
> --/client_public_website (Portal Folder that contains content, Anonymous
> should be able to View)
>
> intranet.client.com is virtual hosted to /client_portal
> www.client.com is virtual hosted to /client_portal/client_public_website
>
> in client_portal I have uncheck 'acquire' permissions on View and not
> allowed Anonymous to view
> on client_public_website I have unchecked 'acquire' on View and allowed
> Anonymous and everyone else
>
> if you goto www.client.com it horks trying to redirect you to /loginform
> (this is CookieCrumbler) doing this.
Disable the CookieCrumber.
You will then get the browsers login dialog. Abort the login.
You will get a traceback that gives you hints what need to be
accessed and cannot be.
I expect, your request tries to use general portal infrastructure
above your subsite. As you probably understand, acquisition should
not be able to expose objects that a user can not access directly...
Dieter