I'm confused about the way Zope restricts access to products such as Confera.

I think I know about adding users, and setting their roles, and setting permissions on 
objects.  Acquisitional Zen escapes me, but I suppose I know enough of it to get 
along.  Unfortunately, when I put this all into practice, things don't work the way I 
think they should! 

I'm just trying to do simple stuff here.  Let's say we have a Zope website on sailing. 
 It has a public section which everyone is invited to view, and a section we wish to 
restrict just to sailboat captains.  The default works well for the public pages, but 
we have to do some special things in order to make the restricted stuff restricted.  
So we create a role of "captain".  In the acl_users folder for the pages we want to 
restrict, we add the user "Blackbeard" and give him a captain role.  In the 
to-be-restricted folder, under the security tab, we check the "Access contents 
information", "Can Login and Logout", and "View" roles under "captain", then tediously 
uncheck all of the "Acquire permission settings".  Things are just fine so far, I 
think.  Blackbeard can get in, and everyone else is kept out.

The problem is when we want to add a product like Confera, and only let Blackbeard and 
his captain buddies use it.  There is apparently something very different about the 
way Zope handles products.  Obviously, there are several more permissions that need to 
be checked due to the added functionality, such as "Add Confera Topics" etc., but 
regardless of how many permissions I check under the captain role, Zope+Confera will 
not let Blackbeard or the other captains in!

What am I missing here?

Get your free email from AltaVista at http://altavista.iname.com

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to