[Zope-CMF] Security Bug in CMF???

Marc Fischer marcbpc@gmx.de
Mon, 24 Sep 2001 16:27:33 +0200 (MEST)


Hey, that's it. 

Many thanks to you, andrew and tres for your help :-)


> Marc,
> In the portal_workflow of your cmf root, look at the security tab for the
> publish transition.  It's assigning view on the transition to anonymous;
> just remove that security setting for the transition and update the
> security
> per tres; this should fix your problem.
> Andrew
> > But now I have an additional question according those security settings.
> > If I now create an object the "view" permission is not assigned to
> members
> > anymore :-). But if I publish this item, the "view" and "access contents
> > information" permission are assigned to "anonymous users", too!!! ***
> second
> > problem ***.
> >
> > Instead of this, those permissions should now be assigned to members.
> >
> > Thats not really a problem with content like documents or news, because
> the
> > standard_html_header is not accessible by anonymous users and so the
> document
> > is not accessible, too.
> > But for example a file object could be downloaded by an anonymous
> user!!!
> >
> > Hopefully you could help me in this case, too. (Or somebody else)
> > What is responsible for this setting?
> >
> > Cheers,
> > Marc
> >
> > --
> > GMX - Die Kommunikationsplattform im Internet.
> > http://www.gmx.net
> >
> >
> > _______________________________________________
> > Zope-CMF maillist  -  Zope-CMF@zope.org
> > http://lists.zope.org/mailman/listinfo/zope-cmf
> >
> > See http://www.zope.org/Products/PTK/Tracker for bug reports and feature
> requests
> >
> 

-- 
GMX - Die Kommunikationsplattform im Internet.
http://www.gmx.net