Hi,
I have implemented a hierarchical access control with the following scheme:
given the structure /a/b/c/d write access is granted if the AUTHENTICATED_USER
has a role identical to the folder name or one of the parent folders, i.e.
a user with role b can change contents of folders b, c, and d, but not a.
I need to have a single user_folder and thus can't use a scheme similar to
the content manager's guide ..
It works like this:
for all parents
compare role to foldername
if equal
grant permission
The problem is that one can change the access path by using acquisition, e.g.
/a/b/a, so a user with only role b can now change folder a, too.
is there a way to disallow acquisition for single folders or objects or any
other way to make this work?
thanks
--Oliver
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
