> Create the user in the top level folder that they are allowed to
> see. 
> Not in the /www folder

That alone wouldn't do it if we are talking about "seeing the objects", e.g. by
calling the "objectIds" method in the root folder. You also have to switch off
the root folder's "Access contents information" rights for Anonymous and the
sub-tree managers. I think Zope security is really a bit weak here because the
standard settings are NOT blocking "Access contents information" and blocking
it makes programming a bit harder ...

BUT: You CAN configure it correctly if you want to.


Iuveno - Smart Communication

Joachim Werner


Marie-Curie-Straße 6
85055 Ingolstadt

Tel.: +49 841/90 14-325 (Fax -322)
Mobil: +49 179/39 60 327
WWW: www.iuveno.de/www.iuveno-net.de

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to