[Zope] limiting view access to acl_users
David
bluepaul at earthlink.net
Fri Feb 24 14:25:38 EST 2006
gf wrote:
>Hi,
>I am relatively new to Zope and have a question regarding acl_user folders.
>
>I am trying to prevent 'view' access to an acl_users folder that I
>have created in a non-root area of my website.
>
>I have used the management interface Security tab to uncheck the
>'Acquire permission settings' for the 'View' Permission and have
>enabled View for the Manager role only.
>
>I have taken the same actions for my root acl_users folder as well.
>
>When I browse to http://mysite/myfolder/acl_users, I am presented with
>a view of the index_html file contained within myfolder, with the
><dtml-var title_or_id> 'output' indicating that it is 'User Folder'.
>
>Why is acl_users making use of the container's index_html? Is there a
>way to limit even View access to this folder?
>
>Thanks.
>
>-g
>
>
gf,
Thats normal zope acquisition. When you access a folder with no
viewable object it goes *up* in search of something to acquire and
index_html is implied. Authorization occurs when something is about to
be published or accessed - not just typed in a URL.
David
More information about the Zope
mailing list