Hello,
That's the second time I have had this problem. I am reporting it again because the
answer I got last time was not 'sure' (see bottom of mail), and I would
like to have a 'definitive' explanation from some Zope guru. I hope my
explanation will be clear:
I have 3 folders for a project called 'sms':
/sms/shtml which is accessible by anonymous
/sms/shtml/stations which is not accessible by anonymous, only by the
'operator' and station users
/sms/admin which is accessible only by the 'operator' user
/sms/acl_users contains the 'operator' user with role 'sms_admin'
/sms/shtml/stations/acl_users contains several station users
(station1, station2, etc...) with role 'station'
1) The 'operator' user has permission to access /shtml/stations. Operator
authentication is forced by accessing a '/sms/admin/login' method.
2) A method 'check' is inside the '/sms/shtml' folder; this method (also)
displays the HTTP authenticated user.
My problem: I am logged in as 'operator'. Sometimes, accessing
'/sms/shtml/stations/check' shows me:
-Logged in as: Anonymous User and has role(s): Anonymous
instead of:
-Logged in as: operator and has role(s): sms_admin
Why (this happens with both IE and Netscape)?
I just have a guess: the 'operator' user is defined in '/sms/acl_users' and
my stationx users are defined in '/sms/shtml/stations/acl_users'.
So: is it possible that when I do my 'check' as operator, the acquisition goes
to the acl_users which contains the stationx users and misses the other
acl_users folder (which is two levels above)?
Another investigation: I am logged in as operator in a new browser and have the
problem; I click on a link for a stationx user but cancel the HTTP
authentication, and then the problem disappears.
I am able to use a workaround, but I would like to understand what causes my
problem.
Is there a way to display which object has triggered the authentication, and
which acl_users folder is used?
Help please...
Thanks.
Gilles Lavaux
Last time, the reply by Dieter Maurer was:
The security system does not use the full acquisition context but
only the containment. This is a security feature to prevent
a user with partial management rights in a subfolder from
affecting permissions for objects outside its area.
I think (am not sure!) that in your case, the "protected" context
is not used, as your objects are in fact outside "protected".
Dieter
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )