I have implemented a hierarchical access control with the following scheme:
given the structure /a/b/c/d write access is granted if the AUTHENTICATED_USER
has a role identical to the folder name or one of the parent folders, i.e. 
a user with role b can change contents of folders b, c, and d, but not a.
I need to have a single user_folder and thus can't use a scheme similar to
the content manager's guide.
It works like this: 

for all parents
  compare role to foldername
  if equal
     grant permission
The problem is that one can change the access path by using acquisition, e.g.
/a/b/a, so a user with only role b can now change folder a, too.
Is there a way to disallow acquisition for single folders or objects, or any
other way to make this work?


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )
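
The difference between checking the traversed path and checking physical containment, as an added example that is not part of the original message. It is a toy model of acquisition-style traversal, not Zope's API; `Folder`, `traverse`, `containment_chain` and the two check functions are hypothetical names.

```python
# Toy model of acquisition-style traversal (assumed names, not Zope's API).

class Folder:
    def __init__(self, name, container=None):
        self.name = name
        self.container = container          # where the folder physically lives
        self.children = {}
        if container is not None:
            container.children[name] = self

def build_tree():
    """Constructed sample hierarchy: /a/b/c/d under an unnamed root."""
    root = Folder("")
    parent = root
    for name in "abcd":
        parent = Folder(name, parent)
    return root

def traverse(root, path):
    """Resolve a URL path and return the folders in the order traversed.

    A name missing from the current folder is acquired from folders already
    on the path, which is how /a/b/a reaches folder a "through" b.
    """
    chain = [root]
    for name in path.strip("/").split("/"):
        for ctx in reversed(chain):
            if name in ctx.children:
                chain.append(ctx.children[name])
                break
        else:
            raise KeyError(name)
    return chain[1:]                        # drop the root

def containment_chain(folder):
    """The folder and its physical parents, independent of the URL used."""
    chain = []
    while folder.container is not None:
        chain.append(folder)
        folder = folder.container
    return chain

def may_write_by_url(role, traversed):
    # The scheme from the post: compare the role to every folder on the path.
    return any(f.name == role for f in traversed)

def may_write_by_containment(role, traversed):
    # Compare the role only to the target folder and its real containers.
    return any(f.name == role for f in containment_chain(traversed[-1]))
```

With the containment check, a user holding only role b is still granted write access on /a/b/c/d but is refused on /a/b/a, because the target's physical parents do not include b.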
