[Zope] Non-existing Zope-Security!!!
Joachim Werner
joachim.werner@iuveno.de
Fri, 13 Oct 2000 14:59:47 +0200
> Create the user in the top level folder that they are allowed to
> see.
> Not in the /www folder
That alone wouldn't do it if we are talking about "seeing the objects", e.g. by
calling the "objectIds" method in the root folder. You also have to switch off
the root folder's "Access contents information" rights for Anonymous and the
sub-tree managers. I think Zope security is really a bit weak here because the
standard settings are NOT blocking "Access contents information" and blocking
it makes programming a bit harder ...
BUT: You CAN configure it correctly if you want to.
Joachim
--
Iuveno - Smart Communication
Joachim Werner
_________________________________________
Marie-Curie-Straße 6
85055 Ingolstadt
Tel.: +49 841/90 14-325 (Fax -322)
Mobil: +49 179/39 60 327
E-Mail: joachim.werner@iuveno.de/joachim.werner@iuveno-net.de
WWW: www.iuveno.de/www.iuveno-net.de