Re: [Zope-dev] Security Question

2001-11-28 Thread Danny William Adair
> This doesn't work, because the user is not known in root where the > index_html is, > the user is known in the folder view. Sorry. I think I read your first email a little too fast. This behavior is normal, and meant to strengthen Zope security. You are not calling the Image object, index_htm

Re: [Zope-dev] Security Question

2001-11-28 Thread Dieter Maurer
Andre Schubert writes: > > Andre Schubert writes: > > > Have I misunderstood restrictedTraverse, which says that an object will > > > be accessed by traversing > > > a path and checking permissions for each object. > > No, you did not. > > That's how "restrictedTraverse" should work

Re: [Zope-dev] Security Question

2001-11-28 Thread Andre Schubert
Danny William Adair wrote: > > On Saturday 24 November 2001 01:40, Andre Schubert wrote: > > root/ > > index_html > > foo/ > > acl_users/ > > bar/ > > Image > > > > I have an image which could only be viewed by users with a role named > > foobar, these users are in acl_users. > >

Re: [Zope-dev] Security Question

2001-11-28 Thread Danny William Adair
On Saturday 24 November 2001 01:40, Andre Schubert wrote: > root/ > index_html > foo/ > acl_users/ > bar/ > Image > > I have an image which could only be viewed by users with a role named > foobar, these users are in acl_users. > If I access the image through the web I must authenti

Re: [Zope-dev] Security Question

2001-11-27 Thread Andre Schubert
Dieter Maurer wrote: > > Andre Schubert writes: > > Have I misunderstood restrictedTraverse, which says that an object will > > be accessed by traversing > > a path and checking permissions for each object. > No, you did not. > That's how "restrictedTraverse" should work Oh, does that me

Re: [Zope-dev] Security Question

2001-11-27 Thread Dieter Maurer
Andre Schubert writes: > Have I misunderstood restrictedTraverse, which says that an object will > be accessed by traversing > a path and checking permissions for each object. No, you did not. That's how "restrictedTraverse" should work Dieter

Re: [Zope-dev] Security Question

2001-11-25 Thread Andre Schubert
Dieter Maurer wrote: > > Andre Schubert writes: > > I have a little security problem. > > let me explain. > > > > root/ > > index_html > > foo/ > > acl_users/ > > bar/ > > Image > > > > I have an image which could only be viewed by users with a role named > > foobar,

Re: [Zope-dev] security question

2001-06-16 Thread Shane Hathaway
Tim McLaughlin wrote: > root has a role called 'User' with 'View' permissions (anonymous is > disabled) and acl_users has a user called joe. joe can access objects in > folder2 according to the permissions set on the root by using acquisition > like this: > http://server/folder1/folder2/object1 >

[Zope-dev] security question

2001-06-15 Thread Tim McLaughlin
It seems to me that a User should not get to keep their roles in the acquired objects which are above the User Folder in which the user is defined... However, that does not seem to be true according to my testing. This is what happens. Imagine a tree like this root-folder1-acl_users \folder2-ob