[Zope] Zope Permissions
Nikko Wolf
nikko-wolf at earthlink.net
Wed Jun 8 19:22:36 EDT 2005
Dieter Maurer wrote:
>Nikko Wolf wrote at 2005-6-7 14:25 -0600:
>
>
>>- I do not want ANY access by unauthorized users. Obviously they
>> must be able to reach a login page, and get instructions on how
>> to request an account, password reset, etc.
>>
>>
>
>Put all content in a subfolder of your site and
>remove "View" and "Access contents information" from
>"Anonymous".
>
>
I have a Plone instance named "/Home" -- do you mean that or a subfolder
of it?
But of course, this killed my entire Plone installation.
I did as you suggested but (in hindsight stupidly!) did not ensure that
anyone else had permissions to "View" and "Access contents information"
-- so even logged in as a Manager I could not access the "/Home" folder
-- including the Security tab where I would go to fix the problem.
Which seems like a design flaw, but....
Fortunately, http://www.zope.org/Documentation/Misc/SECURITY.txt/view
explains about using the emergency user via "zpasswd.py" script, so I
fixed things but not until after a good bit of elevated blood pressure
and a lot of profanity.
But this brings me to an issue I found weeks ago. Whilst trying to
restrict access, I find that with an non-manager user:
http://myhost.com:8080/Home/ --- shows the root Plone page just as
desired
http://myhost.com:8080/Home --- shows an "insufficient privileges"
page (note the lack of a trailing slash).
Any one have ideas why this is, or how to fix this?
Regards,
Nikko
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20050608/be545500/attachment.htm
More information about the Zope
mailing list