Hello,
i have a security/viewing concern.
I have some Yihaw folders who are not public. I removed the "view" permission
on the folder, and trying to get in call the authentication windows. Fine.
On my main page, i have the whatsnew, latest and toplevel methods with the
skip_unauthorized option within the toplevel dtml-in.
If i only have the "view" permission off, the yihaw folder and subfolders are still
listed on the toplevel method.
If i remove also the "access content" on the yihaw folder , no more listing on
toplevel. Fine.
But, when i do that, the "latest" method raise the authentication window, and
even a manager role fails, it's an autorisation problem on the Catalog.
Any idea for solving that ?
Thanks in advance.
********* TRACEBACK *********
Unauthorized
You are not authorized to access approved.
[... SKIP ...]
File /zope/2-1-6-
clean/lib/python/DocumentTemplate/DT_In.py, line 611, in
renderwb
(Object:
Catalog(bobobase_modification_time=ZopeTime()-14,
bobobase_modification_time_usage='range:min',
sort_on='bobobase_modification_time',
sort_order='reverse'))
File /zope/2-1-6-
clean/lib/python/DocumentTemplate/DT_With.py, line 148,
in render
(Object: Catalog.getobject(data_record_id_))
File /zope/2-1-6-
clean/lib/python/DocumentTemplate/DT_Util.py, line 329,
in eval
(Object: _.has_key('approved') and approved or not
_.has_key('approved'))
(Info: approved)
Unauthorized: (see above)
--
Didier Georgieff
DDAF du Bas-Rhin - Cellule SIG
2, rue des Mineurs 67070 Strasbourg Cedex
tél : 03.88.25.20.33 - fax : 03.88.25.20.01
email : [EMAIL PROTECTED]
SIT du Bas-Rhin : http://www.bas-rhin.sit.gouv.fr
GéoWeb http://sertit10.u-strasbg.fr
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
