[Zope] Non-existing Zope-Security!!!

Stephan Goeldi stephan.goeldi@datacomm.ch
Fri, 13 Oct 2000 10:23:37 GMT


OK let me state that I don't think so (subject line). I had to choose this 
subject, because it seems to me, that nobody was interested in my previous 
attempts to get information about my problem. So here is my newbie (?) 
question again:

I have the folders:

/www/folder1
/www/folder2

Apache redirects domain1 to folder1 and domain2 to folder2.
The manager of folder1 is able to browse to /www and see what folders exist 
there. He shouldn't, because he only exists in the acl_user of /www/folder1. 
He even can look into the folder /www/folder2 (but not into the objects).

Is it possible to disable the access for the folder1-manager above folder1? 
It doesn't seem to me. If it really isn't possible, there is no security at 
all for ISP uses of Zope. But I'm sure, there should be a possibility.

I even created a local role in /www/folder1 too. Even with the local role I 
can browse /www and /www/folder2!

Any suggestions?

TIA
-goe-

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at 
http://profiles.msn.com.