[Zope] Simple security puzzle
Stuart 'Zen' Bishop
zen@cs.rmit.edu.au
Fri, 4 Feb 2000 09:16:54 +1100 (EST)
On Thu, 3 Feb 2000, Robb Shecter wrote:
> The problem: Some sub folders require certain roles or users for
> access. And of course, I want these subfolders included in the
> listing - when the user clicks on them, they'd get asked to log in...
>
> But, with the above method, any sub folders that require a different
> role than anonymous don't get shown at all. If I remove
> "skip_unauthorized", then I get a security exception, apparently when
> trying to access the sub folder attributes.
>
> To me, it looks like I want the equivalent of a unix setuid program -
> the anonymous user runs my method, and my method runs with different
> permissions.
You need to give your method a proxy role (Zopespeak for suid).
In the management screens of your DTML method, you will find a proxy
tab. Follow the bouncing ball from there.
--
___
// Zen (alias Stuart Bishop) Work: zen@cs.rmit.edu.au
// E N Senior Systems Alchemist Play: zen@shangri-la.dropbear.id.au
//__ Computer Science, RMIT WWW: http://www.cs.rmit.edu.au/~zen
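
A simplified model of the behaviour discussed in this thread, added to this archive page as an illustration; it is not code from either poster and not Zope's own security machinery. The class and function names, the `Staff` role and the sample folders are all constructed for the example.

```python
# Toy model of the role check; assumption: a folder is visible to a caller
# when the caller's effective roles intersect the folder's permitted roles.
class Unauthorized(Exception):
    pass

class Folder:
    def __init__(self, title, view_roles):
        self.title = title
        self.view_roles = set(view_roles)  # roles allowed to read attributes

class ListingMethod:
    """Stands in for a DTML method that lists sub folders."""
    def __init__(self, proxy_roles=()):
        self.proxy_roles = set(proxy_roles)

    def effective_roles(self, user_roles):
        # While the method runs, proxy roles (if set) replace the caller's roles.
        return self.proxy_roles or set(user_roles)

    def render(self, folders, user_roles, skip_unauthorized=False):
        roles = self.effective_roles(user_roles)
        titles = []
        for folder in folders:
            if not (roles & folder.view_roles):
                if skip_unauthorized:
                    continue  # protected folder silently dropped from the listing
                raise Unauthorized(folder.title)
            titles.append(folder.title)
        return titles

def traverse(folder, user_roles):
    """Direct request for a folder: no method is running, so only the
    user's own roles count and the proxy role gives no access."""
    if not (set(user_roles) & folder.view_roles):
        raise Unauthorized(folder.title)  # Zope would answer with a login prompt
    return folder.title

# Constructed sample data
FOLDERS = [
    Folder("public", ["Anonymous", "Manager"]),
    Folder("staff", ["Staff", "Manager"]),
]

if __name__ == "__main__":
    anon = ["Anonymous"]
    print(ListingMethod().render(FOLDERS, anon, skip_unauthorized=True))
    print(ListingMethod(proxy_roles=["Staff", "Anonymous"]).render(FOLDERS, anon))
```

The proxy role only widens what the listing method can read, so protected folder titles become visible to anonymous visitors while the folders themselves still demand a login; pick the narrowest role that can see them.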