Dieter Maurer wrote:
Nikko Wolf wrote at 2005-6-7 14:25 -0600:
  
- I do not want ANY access by unauthorized users. Obviously they
  must be able to reach a login page, and get instructions on how
  to request an account, password reset, etc.
    

Put all content in a subfolder of your site and
remove "View" and "Access contents information" from
"Anonymous".
  
I have a Plone instance named "/Home" -- do you mean that or a subfolder of it?

But of course, this killed my entire Plone installation.

I did as you suggested but (in hindsight stupidly!) did not ensure that anyone else had permissions to "View" and "Access contents information" -- so even logged in as a Manager I could not access the "/Home" folder -- including the Security tab where I would go to fix the problem.  Which seems like a design flaw, but....

Fortunately, http://www.zope.org/Documentation/Misc/SECURITY.txt/view explains about using the emergency user via "zpasswd.py" script, so I fixed things but not until after a good bit of elevated blood pressure and a lot of profanity.

But this brings me to an issue I found weeks ago.    Whilst trying to restrict access, I find that with an non-manager user:
   http://myhost.com:8080/Home/  --- shows the root Plone page just as desired
   http://myhost.com:8080/Home   --- shows an "insufficient privileges" page (note the lack of a trailing slash).

Any one have ideas why this is, or how to fix this?

Regards,
Nikko



_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to