[Zope-dev] security question
Shane Hathaway
shane@digicool.com
Sat, 16 Jun 2001 16:13:21 -0400
Tim McLaughlin wrote:
> root has a role called 'User' with 'View' permissions (anonymous is
> disabled) and acl_users has a user called joe. joe can access objects in
> folder2 according to the permissions set on the root by using acquisition
> like this:
> http://server/folder1/folder2/object1
> joe cannot however, access them directly:
> http://server/folder2/object1
>
> Does this seem strange to anybody else, or have I just been working too
> long?
What version of Zope? What OS? Are you using a user folder other than
the "stock" acl_users?
Shane