[Zope] Need help with security and local roles w/ GRUF

Dieter Maurer dieter at handshake.de
Sat Jan 17 18:02:05 EST 2004


Jake Latham wrote at 2004-1-16 13:45 -0700:
> ...
>We've got a Zope/Plone site where we want our customers to be able to log
>in, and be taken to their directory:
>
>/Customers/
>  CustomerA/
>  CustomerB/
>  ...
>That much works fine.  The problem is that we need to set up permissions so
>that the customers can only see their own directory, i.e. CustomerA cannot
>go poking around in CustomerB's folder, were they to type in the correct URL
>(or by mistake)
>
>We've fiddled with various combinations of local roles and defining a new
>role - "Customer" to try and limit permissions, but we can't get it to work
>quite right.  Perhaps we are not modifying the correct Permission? (We had
>been modifying the "view" permission).

Viewing is usually controlled by 2 permissions: "View" and
"Access contents information". I expect, your customers should
be able to do more than just view their own object...


When you describe clearer what you did and in what way this did not
work, we may help you better.

-- 
Dieter



More information about the Zope mailing list