[Zope] Scripts run as least privileged user necessary?
Ken Causey
ken at kencausey.com
Wed Sep 3 09:44:39 EDT 2003
On Wed, 2003-09-03 at 07:30, Chris Withers wrote:
> Ken Causey wrote:
> > I'm running into a strange problem. I have a situation in which I want
> > a script to treat Managers differently than other users. But I'm
> > finding that whether or not I'm logged in as a manager or not the script
> > only considers the user to be 'Anonymous User' as long as 'Anonymous'
> > has View privilege for the script. If I change the Security permissions
> > so that only 'Authenticated' can View the script then the user is
> > properly identified. Is this expected behaviour? This is what I'm
> > seeing on 2.6.1.
>
> What are you trying to do with your script? There may be a better way to tackle
> it...
It is a precondition script whose goal is to try to prevent access to an
image unless you are viewing it embedded within a page of my site. The
closest I've been able to come to this goal is to add a value to the
session within the page and check in the precondition script for the
image that the value is defined. Although not ideal this works
sufficiently.
Where I'm running into the problem I described above is that I wanted to
exempt managers from the check for the session variable. The obvious
way to do that seemed to be to check the role of the user.
I welcome any alternatives you can suggest.
Thanks,
Ken
>
> cheers,
>
> Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.zope.org/pipermail/zope/attachments/20030903/70a09d8a/attachment.bin
More information about the Zope
mailing list