[Zope-CMF] Securing CMF with Page Templates
Kent Polk
kent@goathill.org
Thu, 11 Apr 2002 19:39:29 -0500 (CDT)
Dieter Maurer wrote:
> kent writes:
> > I figured out what is triggering the authentication request with
> > Page Templates. You can access some file attributes correctly, but
> > not others. For example, the following works :
> >
> > <td><a href="filelink"
> > tal:attributes="href string:${file/absolute_url}/view"
> > tal:content="file/Title">file title</a></td>
> >
> > but most other object attributes, like size, bobobase_modification_time
> > or getContentType trigger the authentication request, even though
> > the user has the appropriate role (even local roles makes no
> > difference here) :
> >
> > <td tal:content="file/size">file size</td>
> I can access the file size without any problem in a PageTemplate ...
Have you turned off 'Acquire permission settings' for 'view' to
that object, allowed view permission only for a User defined role,
and then logged in as a user who has that role (or set via local
roles) and then tried to access the file/size for that object from
outside of that object?
It fails every time for me.
It even fails with the default directory view and folder_contents
pt methods here, apparently because they are attempting to access
such information from outside the object.