A small number of the files and documents on a Zope 2.6.4 CMF site, running through Apache, should be available only to Zope members (managers and owners).  I have placed all these objects in a portal_folder called ‘restricted’.  On the restricted folder I have deselected ‘Acquire permission settings?’ and selected Manager, Member, and Owner roles only on the following permissions:


- Access contents information

- View


All the files and documents in the restricted folder have been published via the default_workflow (Simple Review / Publish Policy), i.e. on the View permission each object’s ‘Acquire permission settings?’ is deselected and the Anonymous, Manager and Owner roles are selected.


If a document elsewhere on the site contains a hypertext link to a DOCUMENT in the restricted folder, anonymous users are prompted to log in to the site when they select the link - this is what I want. However, a hypertext link to a FILE published in the restricted folder triggers the Windows file download window and allows an anonymous user to download the file. NB: if I add ‘/view’ to the end of a file hypertext link, anonymous users are prompted to log in to the site when they select the link.


It would appear that removing anonymous access to the ‘Access contents information’ permission on a folder prevents anonymous users accessing the folder, documents, and DTML methods from that folder, but does not prevent the file download function being triggered by the URL of a file in the same folder.  Is this observation correct?


Is it possible to set the permissions on only one of many site folders, to prevent the file download function being triggered by anonymous users?


Is there a way to apply a workflow that deselects the anonymous role and selects the member role on the objects in only one of many folders on a site?


Is there another solution to preventing anonymous access to only some of the files on a site?
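
The permission settings described in the post, as an added example that is not part of the original post and not Zope's own code: a simplified Python model of how roles for a permission are collected from an object upward until a level with 'Acquire permission settings?' deselected, plus an audit that lists objects in a folder where a role still holds the permission. The class, function and file names are hypothetical, the site tree is constructed sample data, and the model covers only role resolution on the object itself.

```python
# Simplified model of Zope-style permission acquisition (not Zope's API).
# All class, function and file names here are hypothetical.

class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent, self.children = name, parent, []
        self.settings = {}  # permission -> (selected roles, acquire flag)
        if parent is not None:
            parent.children.append(self)

    def set_permission(self, permission, roles, acquire):
        self.settings[permission] = (frozenset(roles), acquire)

    def path(self):
        prefix = self.parent.path() if self.parent else ""
        return prefix + "/" + self.name


def effective_roles(node, permission):
    """Collect roles from the object upward, stopping at the first
    level where 'Acquire permission settings?' is deselected."""
    roles = set()
    while node is not None:
        selected, acquire = node.settings.get(permission, (frozenset(), True))
        roles |= selected
        if not acquire:
            break
        node = node.parent
    return roles


def audit(folder, permission, role):
    """Paths below `folder` where `role` still holds `permission`."""
    hits = []
    for child in folder.children:
        if role in effective_roles(child, permission):
            hits.append(child.path())
        hits.extend(audit(child, permission, role))
    return sorted(hits)


def build_site():
    # Constructed sample mirroring the settings described in the post.
    root = Node("site")
    root.set_permission("View", ["Anonymous", "Manager"], acquire=False)
    restricted = Node("restricted", root)
    restricted.set_permission("View", ["Manager", "Member", "Owner"], acquire=False)
    published = Node("report.pdf", restricted)  # published via the workflow
    published.set_permission("View", ["Anonymous", "Manager", "Owner"], acquire=False)
    Node("draft.pdf", restricted)  # no own setting: acquires from the folder
    return root, restricted
```

In this model the published object's own View setting decides the result before the folder's setting is ever consulted, while an object with no setting of its own inherits the folder's restriction.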



