[Zope] Security and Acquistition Problem
Jeff Hoffman
jeff.hoffman@goingv.com
Thu, 9 Nov 2000 12:03:27 -0500 (EST)
On Thu, 9 Nov 2000, Charlie Wilkinson wrote:
> / (Root Folder)
> / acl_test (ACL Test Folder)
> acl_users (User Folder)
> index_html (Test Document)
>
> Now, referring to figure 1, changes to security settings for the acl_test
> folder are having no effect on access to index_html. Only when I change
> the security settings on index_html itself, can I control access to it.
>
> So what this boils down to is that as of v2.2.whatever, an acl_users
> folder apparently does not protect the folder it's in (parent folder),
> but only it's sibling objects and below. Meaning that instead of setting
> permissions on the parent object and being done with it, one now has to
> set permissions for each sibling. In my case that's 50 or more objects
> and I'm not done coding yet. Ouch! This *can't* be right, can it?
> I know there's a lot that's happened with the security model, so I'm
> really *really* hoping this is just a bug that's crept in.
This is the way Zope has always behaved, unless my memory is failing me.
Here's a thought to consider: In your model, the root acl_users would have
to appear _above_ the root folder (/) in the hierarchy for things to
function correctly. As it stands, acl_users in the root folder affects all
things in the root folder and below. As it stands, your acl_users (in
acl_test) affects all things in your acl_test folder and below. This is
consistent.
If you have 50 or so objects, and setting permissions is the obstacle,
simply write a Python Method (or DTML, if you prefer) to iterate over the
50 and tweak them. Then, you won't have to manually do the work through
the management interface.
> Thanks for any clues,
Hope this helps,
> Charlie
--Jeff
---
Jeff K. Hoffman 704.849.0731 x108
Chief Technology Officer mailto:jeff.hoffman@goingv.com
Going Virtual, L.L.C. http://www.goingv.com/