[Zope] Security framework troubles

Anders Bruun Olsen anders at bruun-olsen.net
Fri May 6 12:19:25 EDT 2005


Hi,

I am attempting to make a zope product (a custom book-database for use
by my employer) and of course want to secure it. I have added this code
to my class:

  security = ClassSecurityInfo()
  security.setDefaultAccess("deny")
  security.declareProtected("View Bookbase", "index_html")
  security.declareProtected("View Bookbase", "standard_page")
  security.declareProtected("View management screens", "manage_main")

And also of course InitializeClass(Bookbase)

When the template tries to access container/title an access denied
expection is raised. With VerboseSecurity I get this explanaition:

Unauthorized: The container has no security assertions. Access to
'title' of (Bookbase at /bookbase) denied.

What exactly am I missing here?

It works if I do setDefaultAccess("allow"), but I don't want to allow
access by default and then just deny for those I know I want to deny
access to. I want it the other way around.

-- 
Anders
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V
PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y?
------END GEEK CODE BLOCK------
PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0


More information about the Zope mailing list