Re: [Zope-dev] Security Question
> This doesn't work, because the user it not known in root where the > index_html is, > the user is known in the folder view. Sorry. I think I read your first email a little too fast. This behavior is normal, and meant to strengthen Zope security. You are not calling the Image object, index_html is. The user folder will not authenticate "above". You are calling index_html which is "above". That's why calling the Image object directly works fine. If the other way would be possible, you could switch the authenticating user_folders and thus sneak into something you weren't allowed to access: This means showing the bouncer your public library card, instead of (at least) your driver's license. Of course it says that you're 21... By the way, this has nothing to do with the URL. Calling /foo/bar/index_html, (hoping for acquisition leaving you with the client object "bar"), will bring the same result. will _find_ the Image object, but index_html (which is still above) will need to show proper permissions. So you cannot do it this way. Not even unrestrictedTraverse would help you. Not even a proxy role, since you would have the same problem with the method that holds the proxy role. Where would you put it? If I understand you right, you want the user to authenticate when trying to access index_html, because that's where the protected image will be shown. (Or was the question not of practical relevance?) You either have to move index_html down to where acl_users lies, or the other way around. If you want one universal "view image" page, which only asks for authentication if needed for the image it is supposed to show (and doesn't for public images), then call "foo/bar/Image/show" with "show" being a method on the same level as your current index_html. Another way would be redirection. The third and by far the easiest solution is to use in index_html, because then the Image object will be requested directly and authenticates itself (on the right level). I was rebuilding your sample structure, and found something quite annoying, that might have to go into the Collecor: "Access contents information" looks like it is not sufficient to access image objects or their properties. will need the "View" permission, which is not how this thing works with other object types. As soon as you _access_ an image object Zope behaves as if you were trying to render it, but you're not (yet). You might have found a Zope bug here... Hope this helps, Danny ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security Question
Andre Schubert writes: > > Andre Schubert writes: > > > Have i missunderstand restrictedTraverse, which says that a object will > > > be accessed by traversing > > > a path and checking permissions for each object. > > No, you did not. > > That's how "restrictedTraverse" should work > Oh, does that mean that i was on the right way? > Is there another solution to perform this? Try "restrictedTraverse". Almost surely, it will need "Access contents information" which you might grant to "Anonymous"(?). Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security Question
Danny William Adair schrieb: > > On Saturday 24 November 2001 01:40, Andre Schubert wrote: > > root/ > > index_html > > foo/ > > acl_users/ > > bar/ > > Image > > > > I have a image which could only be view by users with a role named > > foobar, these users are in acl_users. > > If i access the image through the web a must authenticate myself for the > > first time, after that everything works well. > > But if i want to access the Image via from the > > index_html in the root-folder a got no access. > > After searching at Zope.org i tested with > "restrictedTraverse('foo/bar/Image')"> but this doesnt works. > > How do i authenticate myself in foo if i access the folder via dtml. > > In your "Image" object, give the "Access Contents Information" to the role > "Anonymous" (or whoever usually views index_html), but keep "View" forbidden > for Anonymous (allowed only for "foobar" role owners). So it is. > > This way, the var tag (which could have been called by Anonymous) will be > able to "see" the object, and Zope will authenticate automatically, if this > is necessary in order to view it. This doesn't work, because the user it not known in root where the index_html is, the user is known in the folder view. > > For security reasons, your Image object will not even be "found", if the > caller's role does not have the "Access Contents Information" permission. I > find this a good idea and reason. > > There is no difference whether you climb to "Image" using restrictedTraverse, > the "with" tag, or directly. All these will have identical results. > > If you want to avoid the separate permission settings (because you have a lot > of Image objects you want to behave like that), either give "index_html" a > proxy role that has the "Access Contents Information" permission on "Image" > (or the whole "bar" folder), or use unrestrictedTraverse in index_html. > > hth, > Danny as ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security Question
On Saturday 24 November 2001 01:40, Andre Schubert wrote: > root/ > index_html > foo/ > acl_users/ > bar/ > Image > > I have a image which could only be view by users with a role named > foobar, these users are in acl_users. > If i access the image through the web a must authenticate myself for the > first time, after that everything works well. > But if i want to access the Image via from the > index_html in the root-folder a got no access. > After searching at Zope.org i tested with "restrictedTraverse('foo/bar/Image')"> but this doesnt works. > How do i authenticate myself in foo if i access the folder via dtml. In your "Image" object, give the "Access Contents Information" to the role "Anonymous" (or whoever usually views index_html), but keep "View" forbidden for Anonymous (allowed only for "foobar" role owners). This way, the var tag (which could have been called by Anonymous) will be able to "see" the object, and Zope will authenticate automatically, if this is necessary in order to view it. For security reasons, your Image object will not even be "found", if the caller's role does not have the "Access Contents Information" permission. I find this a good idea and reason. There is no difference whether you climb to "Image" using restrictedTraverse, the "with" tag, or directly. All these will have identical results. If you want to avoid the separate permission settings (because you have a lot of Image objects you want to behave like that), either give "index_html" a proxy role that has the "Access Contents Information" permission on "Image" (or the whole "bar" folder), or use unrestrictedTraverse in index_html. hth, Danny ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security Question
Dieter Maurer schrieb: > > Andre Schubert writes: > > Have i missunderstand restrictedTraverse, which says that a object will > > be accessed by traversing > > a path and checking permissions for each object. > No, you did not. > That's how "restrictedTraverse" should work Oh, does that mean that i was on the right way? Is there another solution to perform this? > > Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security Question
Andre Schubert writes: > Have i missunderstand restrictedTraverse, which says that a object will > be accessed by traversing > a path and checking permissions for each object. No, you did not. That's how "restrictedTraverse" should work Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security Question
Dieter Maurer schrieb: > > Andre Schubert writes: > > i have a little security problem. > > let me explain. > > > > root/ > > index_html > > foo/ > > acl_users/ > > bar/ > > Image > > > > I have a image which could only be view by users with a role named > > foobar, these users are in acl_users. > > If i access the image through the web a must authenticate myself for the > > first time, after that everything works well. > > But if i want to access the Image via from the > > index_html in the root-folder a got no access. > I expect, you get hit by a (in my view stupid) security feature: > > When you are not authorized to access an object, then you > should not even see that it is there. > > This is achieved by turning "Unauthorized" exceptions into > "KeyError" exceptions under some circumstances. > > The effect is similar to what you describe (at least, if I > interpret "got no access" as a "NameError" or "KeyError" for > "Image"). > > If, however, you keep getting "Unauthorized" exceptions > (i.e. login requests), then the reason may be that your > initial request did not get authenticated by "foo/acl_users" > but by a higher level "acl_users" that does not assign > the correct role to the user. > This is exactly what i want. I want a user wich has to login with foo/acl_users. And this user should be allowed to view the Image trough dtml. Have i missunderstand restrictedTraverse, which says that a object will be accessed by traversing a path and checking permissions for each object. as > Dieter > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] security question
Tim McLaughlin wrote: > root has a role called 'User' with 'View' permissions (anonymous is > disabled) and acl_users has a user called joe. joe can access objects in > folder2 according to the permissions set on the root by using acquisition > like this: > http://server/folder1/folder2/object1 > joe cannot however, access them directly: > http://server/folder2/object1 > > Does this seem strange to anybody else, or have I just been working too > long? What version of Zope? What OS? Are you using a user folder other than the "stock" acl_users? Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )