Re: [Zope] Re: restricting permissions for direct access only

2006-02-17 Thread Chris Withers
Michael Shulman wrote: I don't understand what inheriting proxy roles from callers has to do with allowing users to access protected resources above their user folders. They seem like totally different questions to me. Could you please explain? Nothing, different threads, crossed wires, nothi

[Zope] Re: restricting permissions for direct access only

2006-02-16 Thread Tres Seaver
Chris Withers wrote: > Tres Seaver wrote: > >> The prior behavior (allowing users to access protected resources "above" >> the domain of their user folders) was a security hole caused by a bug, >> and was never documented as allowable: correcting it

[Zope] Re: restricting permissions for direct access only

2006-02-16 Thread Michael Shulman
I don't understand what inheriting proxy roles from callers has to do with allowing users to access protected resources above their user folders. They seem like totally different questions to me. Could you please explain? On 2/16/06, Tres Seaver <[EMAIL PROTECTED]> wrote: > >>>But... it's still

Re: [Zope] Re: restricting permissions for direct access only

2006-02-16 Thread Chris Withers
David wrote: I just disagree. If there's a paranoia with the standard set of roles then prevent *those* from upward acquisition. But if I add a role *specifically* so it can access a common code pool, Security is hard enough as it is, special cases like this are something that Zope 2 has en

Re: [Zope] Re: restricting permissions for direct access only

2006-02-16 Thread Chris Withers
Tres Seaver wrote: The prior behavior (allowing users to access protected resources "above" the domain of their user folders) was a security hole caused by a bug, and was never documented as allowable: correcting it was a matter for a rather urgent fix, as it broke the explicitly-documented mode

Re: [Zope] Re: restricting permissions for direct access only

2006-02-15 Thread David
Tres Seaver wrote: Michael Shulman wrote: On 2/15/06, Chris Withers <[EMAIL PROTECTED]> wrote: But... it's still not working for my real site. I think the issue is this. If script1 has proxy role Manager, an

[Zope] Re: restricting permissions for direct access only

2006-02-15 Thread Tres Seaver
Michael Shulman wrote: > On 2/15/06, Chris Withers <[EMAIL PROTECTED]> wrote: > >>>But... it's still not working for my real site. I think the issue is >>>this. If script1 has proxy role Manager, and script2 has view >>>permissions set only for Mana

[Zope] Re: restricting permissions for direct access only

2006-02-14 Thread Florent Guillaume
Michael Shulman wrote: Hi, I am new to Zope, and so far I like it very much. But I think I am confused about how security works, or is supposed to work. Specifically I want to know the following. Is there a way in Zope to restrict permissions for direct access only (i.e. calling an object thro