I'm using LoginManager and the loginForm cookie method for security.

I want my login form to use the same standard_html_header, stylesheet 
and so on as my system.

My hierarchy is



I've denied anonymous access to Strader and so on, but I want the 
loginForm to be able to load standard_html_header, which in turn 
references a few things in Strader

Anyway, my loginForm has this:

<dtml-with Strader>
<dtml-var standard_html_header>

I've given the loginForm a proxy role called "Customer"

Customer has full access to Strader and everything in it.

It looks like standard_html_header is rendered, but when 
standard_html_header calls StyleSheet and other objects in the Strader 
folder, I get the browser login box. Cancelling that shows "access to 
StyleSheet denied".

Its as if the proxy role assigned to loginForm is discarded by 
standard_html_header, even though I didn't assign 
standard_html_header any proxy roles.

Is this a bug, or by design?


Also, I see that I have some very strange permissions in my list, looks 
like an installed product goofed.

I see this single character permissions.

A C D G Z a d h r s t

Ahh.. Looks like ZGDChart hasn't used a tuple where it should... 

Brad Clements,                [EMAIL PROTECTED]   (315)268-1000
http://www.murkworks.com                          (315)268-9812 Fax
netmeeting: ils://ils.murkworks.com               AOL-IM: BKClements

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to