Re: [Zope-dev] Security Question

2001-11-28 Thread Danny William Adair
On Saturday 24 November 2001 01:40, Andre Schubert wrote: root/ index_html foo/ acl_users/ bar/ Image I have a image which could only be view by users with a role named foobar, these users are in acl_users. If i access the image through the web a must authenticate

Re: [Zope-dev] Security Question

2001-11-28 Thread Andre Schubert
Danny William Adair schrieb: On Saturday 24 November 2001 01:40, Andre Schubert wrote: root/ index_html foo/ acl_users/ bar/ Image I have a image which could only be view by users with a role named foobar, these users are in acl_users. If i access the

Re: [Zope-dev] Security Question

2001-11-28 Thread Danny William Adair
This doesn't work, because the user it not known in root where the index_html is, the user is known in the folder view. Sorry. I think I read your first email a little too fast. This behavior is normal, and meant to strengthen Zope security. You are not calling the Image object, index_html

Re: [Zope-dev] security question

2001-06-16 Thread Shane Hathaway
Tim McLaughlin wrote: root has a role called 'User' with 'View' permissions (anonymous is disabled) and acl_users has a user called joe. joe can access objects in folder2 according to the permissions set on the root by using acquisition like this: http://server/folder1/folder2/object1 joe