[Zope] Security and Acquisition Problem

Jeff Hoffman jeff.hoffman@goingv.com
Thu, 9 Nov 2000 12:03:27 -0500 (EST)


On Thu, 9 Nov 2000, Charlie Wilkinson wrote:

> / (Root Folder)
> 	/ acl_test (ACL Test Folder)
> 		acl_users (User Folder)
> 		index_html (Test Document)
> 
> Now, referring to figure 1, changes to security settings for the acl_test
> folder are having no effect on access to index_html.  Only when I change
> the security settings on index_html itself, can I control access to it.
> 
> So what this boils down to is that as of v2.2.whatever, an acl_users
> folder apparently does not protect the folder it's in (parent folder),
> but only its sibling objects and below.  Meaning that instead of setting
> permissions on the parent object and being done with it, one now has to
> set permissions for each sibling.  In my case that's 50 or more objects
> and I'm not done coding yet.  Ouch!  This *can't* be right, can it?
> I know there's a lot that's happened with the security model, so I'm
> really *really* hoping this is just a bug that's crept in.

This is the way Zope has always behaved, unless my memory is failing me.
Here's a thought to consider: In your model, the root acl_users would have
to appear _above_ the root folder (/) in the hierarchy for things to
function correctly. As it stands, acl_users in the root folder affects all
things in the root folder and below. As it stands, your acl_users (in
acl_test) affects all things in your acl_test folder and below. This is
consistent.

If you have 50 or so objects, and setting permissions is the obstacle,
simply write a Python Method (or DTML, if you prefer) to iterate over the
50 and tweak them. Then, you won't have to manually do the work through
the management interface.

> Thanks for any clues,

Hope this helps,

> 		Charlie

--Jeff

---
Jeff K. Hoffman                               704.849.0731 x108
Chief Technology Officer                      mailto:jeff.hoffman@goingv.com
Going Virtual, L.L.C.                         http://www.goingv.com/
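
The bulk update suggested in the reply above, as an added example that is not part of the original message or of Zope itself. It assumes the standard Zope calls `objectValues()`, `getId()` and `manage_permission()`; the `_Stub` class, the `Member` role and the `sub`/`report` objects are constructed stand-ins so the script runs outside Zope.

```python
# Added example: bulk-apply one permission setting to every object in a folder.
# Inside Zope, `folder` would be the acl_test folder; objectValues(), getId()
# and manage_permission() are the ObjectManager / RoleManager calls.
# The _Stub class below is a constructed stand-in so the script runs offline.

def apply_permission(folder, permission, roles, acquire=0, skip=("acl_users",)):
    """Set `permission` to `roles` on each child of `folder`, recursively.

    Returns the slash-joined paths of the objects that were changed.
    """
    changed = []
    for obj in folder.objectValues():
        oid = obj.getId()
        if oid in skip:                      # leave the user folder alone
            continue
        obj.manage_permission(permission, roles=list(roles), acquire=acquire)
        changed.append(oid)
        if getattr(obj, "isPrincipiaFolderish", 0):   # descend into subfolders
            changed += [oid + "/" + p for p in
                        apply_permission(obj, permission, roles, acquire, skip)]
    return changed


class _Stub:
    """Constructed stand-in for a Zope object (not Zope code)."""
    def __init__(self, id, children=()):
        self._id, self._children = id, list(children)
        self.isPrincipiaFolderish = bool(children)
        self.perms = {}
    def getId(self):
        return self._id
    def objectValues(self):
        return self._children
    def manage_permission(self, permission_to_manage, roles=[], acquire=0):
        self.perms[permission_to_manage] = (tuple(roles), acquire)


def demo():
    # Constructed layout modelled on the acl_test folder from the thread.
    index, report, users = _Stub("index_html"), _Stub("report"), _Stub("acl_users")
    sub = _Stub("sub", [report])
    acl_test = _Stub("acl_test", [users, index, sub])
    changed = apply_permission(acl_test, "View", ["Manager", "Member"])
    return changed, index.perms, users.perms, report.perms

if __name__ == "__main__":
    print(demo())
```

Passing `acquire=0` turns off acquisition of the permission on each object, so the listed roles are the only ones granted it there.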