[Zope-dev] Help on Zope security needed ...

Oliver Bleutgen <myzope@gmx.net>
Thu, 2 Aug 2001 14:12:17 +0200


Just resending to zope-dev,
silly me addressed zope at first...


Hi,
just to give a little more weight to that...

>  > The funny thing is: http://.../ROOT/FOLDER/title will work fine ...
> Indeed, funny. Should probably not happen. Are you
> sure, you get the "title" from root and not that from "FOLDER"
> (it has a "title" of its own).

Just tested it with a blank Zope 2.3.3

/
 - method
 - testfolder
   - userfolder with user test and manager role (just in testfolder!)

The following doesn't work for user test:

http://localhost/method/manage


The following _will_ work for user test:

http://localhost/testfolder/method/manage


and lets me change method, which is contained
in Zope's root.

Hmm, this shouldn't be so, should it?


cheers,
oliver