Re: [Zope] security quickie

2000-10-16 Thread Manuel Amador (Rudd-O)


I too have a doubt about security stuff.
It so happens that I have this setup
rootfolder
+   myfolderobjects
  +    inheritedstuff
i have an user X in root folder.  Roles are so that anonymous doesn't
have permission for anything.   Then, there is a user role, that
is allowed some stuff, and i assign local role of User to X into Inheritedstuff. 
He now can see index_html.  I proxy-role index_html to the User role
so i can  that is into myfolderobjects, being
somestuff a DTMLmethod.
It works.  X can access index_html which in turn includes somestuff
from its parent folder, and I did not have to give him explicit rights
to any of the objects into myfolderobjects
 
BUT, if I try to , it won't work.  Note
that the User role does have permission to run SQL methods.
That's in my point of view, a mistake in Zope's security policy. 
If i proxy-role a document or method, i should be able to acquire anything
specified into it, from its parent hierarchy.
Please help or tip.  Thanks =)
 
Seb Bacon wrote:
Does Zope security provide a way of restricting what
objects are listed to
an authenticated user inside the Zope 'manage' interface?  I'm
getting my
head all twisted up over this security / proxy roles /local roles lark.
Thanks, seb
___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev
)

-- 
Manuel Amador (Rudd-O)
 


[Zope] security quickie

2000-10-09 Thread Seb Bacon

Does Zope security provide a way of restricting what objects are listed to
an authenticated user inside the Zope 'manage' interface?  I'm getting my
head all twisted up over this security / proxy roles /local roles lark.

Thanks, seb


___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )