[Zope] webdav

John Hunter jdhunter at ace.bsd.uchicago.edu
Fri Sep 10 15:17:14 EDT 2004


I have a zope server distributing files (eg microsoft word files).
These files are templates and should not be editable in place by users
using webdav.  I want them to download them, edit them on their
computer, and then upload the modified document through a web form,
which will place the modified document in a new folder.  This works
fine on linux / osx / etc across many browsers.

I am also using CookieCrumbler for authentication.

On Windows computers running IE, however, when a user clicks on one of
the documents, the basic authentication dialog appears even though
they have been authenticated already with cookie crumbler.  I've read
that you can serve these documents over the webdav src port to work
around this, because webdav doesn't understand cookies.  I haven't
tried it yet because authentication is not my primary concern.  As I
understand it, webdav is used so that effectively users can edit
documents in place.  I want to prevent this.

What is the right way to achieve this?  I was hopeful that by changing
the "WebDAV access" and related webdav permissions so that the users
don't have permission to do this I could circumvent the problem.  This
may ultimately work, but I still get the basic authentication dialog.
Perhaps if I serve it over the webdav port and remove webdav
permissions in the securities tab I can get everything I want, which
is: users have read only access to the document and authentication is
with cookie crumbler.

I hate it when computers try and be helpful.

Suggestions, please.

Thanks,
John Hunter 
zope 2.7


More information about the Zope mailing list