[Zope] Obscure security?

Ragnar Beer rbeer@q-ality.de
Thu, 22 Nov 2001 13:37:23 +0100


Howdy!

I spent some time searching the documentation for an explanation of 
the "Access_contents_information" permission but didn't find 
anything. I think this is vital information for any Zope admin and 
should be easy to find. How can I set up permissions when I can't 
find out exactly what permissions I'm actually granting?

I'm (once again) in the situation where an authenticated user cannot 
access an object unless the "Anonymous" role is given the permission 
to "Access_contents_information" (the role of the authenticated user 
has that permission). This reminds me of the old non-root Squisdot 
bug, but I can't solve it by upgrading Zope this time, because I 
already installed 2.4.3. On the other hand I can't find out what kind 
of holes I'm opening by giving this permission to "Anonymous".

What can I do?

Ragnar