[Zope-dev] Authentication Patch
Anthony Baxter
Anthony Baxter <anthony@interlink.com.au>
Wed, 26 Jan 2000 14:58:01 +1100
>>> "Evan Simpson" wrote
> > Hm, in that case, wouldn't that then just recurse back through
> > the parent folders looking for additional access controls?
>
> Exactly :-) This can allow authentication to succeed at a higher level,
> while still giving you the nice inner Login page if it fails at all levels.
>
> This isn't necessarily desirable in all cases, and you can't even *get* a
> basic authentication dialog when there's an inner cookie-based acl_users
> unless you define a method which explicitly throws 'LoginRequired'. It's
> still an improvement on the current default situation, though.
Should auth behave this way, tho? Should a top level acl_users take
precedence over a lower level one? Doesn't that kill the ability of
a manager of a subfolder to delegate control to their own users?
Anthony