[Zope-CMF] Private CMF site
Greg Ward
gward@python.net
Wed, 19 Feb 2003 11:37:24 -0500
I'm trying to make a private CMF site, ie. you must be authenticated to
access any content (apart from /portal/login_form, of course). Also,
the site will be read-only to most visitors -- only a few privileged
content managers will be able to add/modify content.
So I went to the "Security" tab under /portal and did the following:
* disable "Acquire permission settings" for all permissions
* ensure that role "Anonymous" has no permissions
* ensure that role "Authenticated" has only a few permissions,
specifically:
Access contents information (?? what's this for ??)
View
View History
query (?? what's this for ??)
* ensure that the role "Manager" has all permissions
Now it's impossible to access the site due to a redirect loop:
GET /portal/
redirects to
/portal/login_form?came_from=http%3A//localhost/portal/index_html&retry=
and
GET /portal/login_form?came_from=http%3A//localhost/portal/index_html&retry=
redirects to
/portal/login_form?came_from=http%3A//localhost/portal/index_html&retry=
...and 'round and 'round we go. Argggh. I've set
EVENT_LOG_SEVERITY=-300 and run "start -D" for maximal logging, but
there's nothing showing up in the log output. Not a sausage. Bugger
all.
Any tips on how to diagnose and/or fix the redirect loop? Or is there a
better/easier/simpler/cleaner/working way to make a CMF site private
that doesn't involve mass permission twiddling?
Thanks --
Greg
--
Greg Ward <gward@python.net> http://www.gerg.ca/
Pointers are Arrays; Code is Data; Time is Money