[Zope] Folder visibility
J. Cameron Cooper
jccooper@rice.edu
Mon, 06 Aug 2001 08:52:08 -0500
>
>
>If I give FolderViewer access to Client1, then can they still not
>just change the URL to /Client2 and access it, since both
>folders have access for FolderViewer and the actual person logging
>on has a local role of FolderViewer?
>
>It seems like I have to create a FolderViewer1 for Client1 and
>FolderViewer2 for Client2.
>
I'd try to answer in French, but frankly I'd just be embarrassing myself...

If Person1 has a local role of 'FolderViewer' in Folder1, but not in
Folder2, he cannot do 'FolderViewer' things in Folder2, even through
acquisition. At least, that's how it should work.

Security in Zope is an entirely local affair, and neither the client
session state nor anything other than location matters. You only have
the access of a local role in the object in which it was granted and its
children. Not siblings, not ancestors, nothing else. Consider it like
placing a user folder in a subfolder of root: users cannot authenticate
at the root level or in other folders, only in the folder in which the
user folder lives.
--jcc
(authenticated)
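
A simplified model of the lookup described in the reply above, added here as an example and not Zope's own code or part of the original message. The names `Folder`, `roles_in_context`, `can_view` and `build_demo`, the user ids, and the `reports` subfolder are hypothetical; `Client1`, `Client2` and `FolderViewer` come from the question.

```python
# Simplified model of local-role resolution (hypothetical names, not Zope code).
# A user's roles at an object are the global roles plus every local role granted
# on that object or on one of its containers. Siblings are never consulted.

class Folder:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.local_roles = {}            # user id -> set of roles granted here
        self.view_roles = {"Manager"}    # roles allowed to view this folder

    def grant_local_role(self, user_id, role):
        self.local_roles.setdefault(user_id, set()).add(role)


def roles_in_context(user_id, global_roles, obj):
    """Collect roles by walking from obj up through its containers."""
    roles = set(global_roles)
    node = obj
    while node is not None:
        roles |= node.local_roles.get(user_id, set())
        node = node.parent
    return roles


def can_view(user_id, global_roles, obj):
    """True if any role the user holds at obj is allowed to view obj."""
    return bool(roles_in_context(user_id, global_roles, obj) & obj.view_roles)


def build_demo():
    """Constructed sample tree: /Client1/reports and /Client2."""
    root = Folder("")
    client1 = Folder("Client1", root)
    client2 = Folder("Client2", root)
    reports = Folder("reports", client1)
    # Both client folders let the same role name view them ...
    for folder in (client1, client2, reports):
        folder.view_roles = {"Manager", "FolderViewer"}
    # ... but each user is granted that role only in their own folder.
    client1.grant_local_role("person1", "FolderViewer")
    client2.grant_local_role("person2", "FolderViewer")
    return root, client1, client2, reports


if __name__ == "__main__":
    root, client1, client2, reports = build_demo()
    for folder in (client1, reports, client2):
        print(folder.name, can_view("person1", {"Authenticated"}, folder))
```

One shared `FolderViewer` role is enough in this model: changing the URL to `/Client2` fails for `person1` because the grant lives on `Client1`, not on the role name.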