Barbara Harris wrote:
> Is it possible to restrict access to the file download function by
> setting permissions on the folder containing a published file?
> 
> In a Zope 2.6.4 CMF site, running on Apache, I have removed anonymous
> access from a portal folder (the restricted folder) and published
> documents and files in that folder.  If a document elsewhere on the site
> contains a hyperlink to a DOCUMENT in the restricted folder, anonymous
> users are prompted to log in to the site when they select the link - this
> is what I want.  However, a hyperlink to a FILE published in the
> restricted folder triggers the Windows file download window and allows
> an anonymous user to download the file.

Zope's security model, by design, allows objects to be published even if
the container cannot be;  therefore you need to ensure that the object
itself does not become viewable by anonymous.

You likely need to modify the "Security" tab on the "published" state in
your workflow to prevent granting "View" permission to "Anonymous".  You
probably want it to have the "Acquire?" flag turned on, instead.


Tres.
--
===============================================================
Tres Seaver                                [EMAIL PROTECTED]
Zope Corporation      "Zope Dealers"       http://www.zope.com
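
The behaviour described in the reply above, as an added example that is not part of the original message and is not Zope or CMF code: a simplified Python model of how a "View" setting written onto an object by a workflow state combines with the setting on its folder. The class, the function names, the folder and file names and the role lists are all constructed for illustration.

```python
# Simplified model of Zope 2 permission resolution (constructed for
# illustration; not Zope or CMF source). A role setting held as a tuple
# means "Acquire?" is off; a list means the listed roles are added to
# whatever the containers grant.

class Node:
    def __init__(self, name, parent=None, view_roles=None):
        self.name = name
        self.parent = parent
        self.view_roles = view_roles  # None: no local setting, acquire all


def effective_view_roles(node):
    """Collect roles holding View, walking up until acquisition stops."""
    roles = set()
    while node is not None:
        setting = node.view_roles
        if setting is not None:
            roles.update(setting)
            if isinstance(setting, tuple):  # "Acquire?" off: stop here
                break
        node = node.parent
    return roles


def apply_workflow_state(node, roles, acquired):
    """Mimic a workflow state writing its View mapping onto the object."""
    node.view_roles = list(roles) if acquired else tuple(roles)


def anonymous_can_view(node):
    return "Anonymous" in effective_view_roles(node)


def build_site():
    # Hypothetical site: open root, restricted folder, one file inside it.
    root = Node("site", view_roles=("Anonymous", "Manager"))
    restricted = Node("restricted", root, view_roles=("Manager", "Member"))
    return restricted, Node("report.pdf", restricted)


def demo():
    restricted, report = build_site()
    # "published" state granting View to Anonymous with "Acquire?" off.
    apply_workflow_state(report, ["Anonymous", "Manager", "Owner"], False)
    before = anonymous_can_view(report)
    # Suggested change: drop Anonymous from the state, turn "Acquire?" on.
    apply_workflow_state(report, ["Manager", "Owner"], True)
    return anonymous_can_view(restricted), before, anonymous_can_view(report)
```

With "Acquire?" on, the file is only as restricted as its containers: if the folder itself still acquires "View" from an open site root, anonymous users can still reach the file.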
