[Zope] Re: AW: Problems with jcNTUserFolder-0.0.4

Jephte CLAIN minf7@educ.univ-reunion.fr
Mon, 03 Apr 2000 09:40:29 +0400


Stuart 'Zen' Bishop wrote:
> On Sat, 1 Apr 2000, Jephte CLAIN wrote:
> > I tested with a standard user folder, and this does not work either.
> > this may be a bug??
> > Let's sum up: the Anonymous role is revoked all rights from the top
> > level, and a role 'User' is created with the same rights as Anonymous.
> > In the toplevel, a user 'u' is given the role 'User'. In a sub folder,
> > another user folder is created, and 'u' is given the roles 'Manager' and
> > 'User'. When 'u' try to browse the subfolder, an exception is raised
> > because he is unthorized to access standard_html_header (???)
> > Note that if standard_html_header is copied in the subfolder, the error
> > goes away.
> > This is very bizarre. Should I post this to the collector?
> It looks like this is the way it is currently supposed to work. Even
> though the users have the same name, they are not the same user object.
> When you log into the subfolder, you are logged in as subfolder/acl_users/u.
> This user has no rights outside of subfolder, and none can be granted.
> 
> So when you try to access subfolder/index_html, you are logged in
> as subfolder/acl_users/u. Zope then tries to render index_html as this
> user. When index_html tries to execute the <dtml-var standard_html_header>
> tag, it will fail since the user we are attached as has no rights outside
> of the subfolder tree.
> 
> And of course, if you point your browser to /standard_html_header, you
> will be able to access it as you will be logging in as /acl_users/u which
> does have the required rights.
> 
> One method of solving the originally posted problem is to have only
> once acl_users folder at the root. The users who need higher rights in
> the subfolders can be granted these rights by using local roles.

If I understand well, it is not possible, not using local roles, to
acquire non anonymous content above a user folder in the hierarchy,
right?
I wonder if this is the reason why local roles were introduced.

have a nice day,
jephte clain
minf7@educ.univ-reunion.fr