[Zope] Security issues

Andreas Jung lists at andreas-jung.com
Sun May 1 08:27:07 EDT 2005



--On Sonntag, 1. Mai 2005 13:02 Uhr +0100 cla <clark2 at net.sapo.pt> wrote:

> Hi!
>
> Im developing a portal using, zope and i had been some
> problems with the security of some template pages that
> I have created. Those pages are accesible just puting
> the correct path in the url, even if they are only for
> manager access. I have already try the security tabs that
> are associated to witch document, but with no sucess.
>
> What can i do to resolve this big problem.

You have add security assertion to file based templates through .metadata 
files.
If foo.pt is your template then create a file foo.pt.metadata containing:

[security]
View=0:Manager

Means that the View permission is only granted to Managers and that the 
permission
is not acquired (same the corresponding flag in the ZMI).

-aj


More information about the Zope mailing list