> This doesn't work, because the user it not known in root where the
> index_html is,
> the user is known in the folder view.
Sorry.
I think I read your first email a little too fast.
This behavior is normal, and meant to strengthen Zope security.
You are not calling the Image object, index_htm
Andre Schubert writes:
> > Andre Schubert writes:
> > > Have i missunderstand restrictedTraverse, which says that a object will
> > > be accessed by traversing
> > > a path and checking permissions for each object.
> > No, you did not.
> > That's how "restrictedTraverse" should work
Danny William Adair schrieb:
>
> On Saturday 24 November 2001 01:40, Andre Schubert wrote:
> > root/
> > index_html
> > foo/
> > acl_users/
> > bar/
> > Image
> >
> > I have a image which could only be view by users with a role named
> > foobar, these users are in acl_users.
> >
On Saturday 24 November 2001 01:40, Andre Schubert wrote:
> root/
> index_html
> foo/
> acl_users/
> bar/
> Image
>
> I have a image which could only be view by users with a role named
> foobar, these users are in acl_users.
> If i access the image through the web a must authenti
Dieter Maurer schrieb:
>
> Andre Schubert writes:
> > Have i missunderstand restrictedTraverse, which says that a object will
> > be accessed by traversing
> > a path and checking permissions for each object.
> No, you did not.
> That's how "restrictedTraverse" should work
Oh, does that me
Andre Schubert writes:
> Have i missunderstand restrictedTraverse, which says that a object will
> be accessed by traversing
> a path and checking permissions for each object.
No, you did not.
That's how "restrictedTraverse" should work
Dieter
Dieter Maurer schrieb:
>
> Andre Schubert writes:
> > i have a little security problem.
> > let me explain.
> >
> > root/
> > index_html
> > foo/
> > acl_users/
> > bar/
> > Image
> >
> > I have a image which could only be view by users with a role named
> > foobar,
Tim McLaughlin wrote:
> root has a role called 'User' with 'View' permissions (anonymous is
> disabled) and acl_users has a user called joe. joe can access objects in
> folder2 according to the permissions set on the root by using acquisition
> like this:
> http://server/folder1/folder2/object1
>