[Zope] Non-existing Zope-Security!!!

knight knight@righteous.net
Fri, 13 Oct 2000 15:26:35 -0700 (PDT)


Also, consider adding an accessrule. This won't stop them from using
__no_before_traverse__ or _SUPPRESS_ACCESSRULE but it will make it
'appear' there is nothing more than the current level.

knight
knight@phunc.com

On Fri, 13 Oct 2000, Tim Cook wrote:

> Stephan Goeldi wrote:
> > 
> > OK, let me state that I don't think so (subject line). I had to choose this
> > subject because it seems to me that nobody was interested in my previous
> > attempts to get information about my problem. So here is my newbie (?)
> > question again:
> > 
> > I have the folders:
> > 
> > /www/folder1
> > /www/folder2
> > 
> > Apache redirects domain1 to folder1 and domain2 to folder2.
> > The manager of folder1 is able to browse to /www and see what folders exist
> > there. He shouldn't, because he only exists in the acl_user of /www/folder1.
> > He even can look into the folder /www/folder2 (but not into the objects).
> > 
> > Is it possible to disable the access for the folder1-manager above folder1?
> > It doesn't seem to me. If it really isn't possible, there is no security at
> > all for ISP uses of Zope. But I'm sure there should be a possibility.
> > 
> > I even created a local role in /www/folder1 too. Even with the local role I
> > can browse /www and /www/folder2!
> > 
> > Any suggestions?
> 
> Create the user in the top level folder that they are allowed to see.
> Not in the /www folder.
> 
> HTH,
> -- Tim Cook --
> Cook Information Systems | Office: (901) 884-4126 8am-5pm CDT
> Free Practice Management 
> Project Coordinator http://www.freepm.org
> OSHCA Founding Supporter http://www.oshca.org
> 