It so happens that I have this setup
rootfolder
+ myfolderobjects
+ inheritedstuff
i have an user X in root folder. Roles are so that anonymous doesn't
have permission for anything. Then, there is a user role, that
is allowed some stuff, and i assign local role of User to X into Inheritedstuff.
He now can see index_html. I proxy-role index_html to the User role
so i can <dtml-var somestuff> that is into myfolderobjects, being
somestuff a DTMLmethod.
It works. X can access index_html which in turn includes somestuff
from its parent folder, and I did not have to give him explicit rights
to any of the objects into myfolderobjects
BUT, if I try to <dtmlvar somesqlmethod>, it won't work. Note that the User role does have permission to run SQL methods.
That's in my point of view, a mistake in Zope's security policy. If i proxy-role a document or method, i should be able to acquire anything specified into it, from its parent hierarchy.
Please help or tip. Thanks =)
Seb Bacon wrote:
Does Zope security provide a way of restricting what objects are listed to
an authenticated user inside the Zope 'manage' interface? I'm getting my
head all twisted up over this security / proxy roles /local roles lark.Thanks, seb
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
-- Manuel Amador (Rudd-O)