Kevin Jones wrote at 2005-8-11 08:38 -0600:
>My company site allows anonymous visitors to enter a user login 
>id and password, with the Role 'CoPersonnel'.  It then allows 
>them to create a project page and their project info...
>All is well and good until later, when they login to edit their 
>page.  It works, BUT it gives them permission to edit anyone 
>else's page that has the Role 'CoPersonnel'!  It also seems that 
>while the first login is successful, they retain an 'Anonymous 
>User' role.
>These two reside in a "Projects" folder: login_html, acl_users. 
>The individual projects are located in a "Projects" subfolder: 
>Do the acl_users and login_html file have to reside in the 
>individual project folder?  (BTW, I got the code from "The Book 
>of Zope.")

There are global and local roles.

A global role is assigned to user globally.
It applies the the complete subhierarchy governed by the
user folder which defined the user.
The subhierarchy governed by a user folder is the one
whose root contains the user folder.

If this does not give you what you need, you have two

  *  move the "acl_users" down (such that it governs a smaller

  *  use "local" roles instead of global ones.

Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to