bruno modulix wrote at 2005-9-30 09:38 +0200:
> ...
>Dieter, I didn't misunderstand your proposed solution. But some users
>exist in different CPMs with different roles in each CPM. So - unless
>I'm totally at a loss with how Zope's security works - if User1 has role
>RoleWithMuchPrivileges in Cpm1 and role RoleWithFewPrivileges in Cpm2,
>he could gain RoleWithMuchPrivileges in Cpm2 just by using faked url
>cpm1/cpm2/whatever_he_should_not_access_here. Worse, anyone existing in
>any CPM could gain access to any other CPM just by faking url.

In fact, this should not be the case:

The user comes from some user folder and gets the roles associated with it in that user folder.

Due to acquisition fakes, the authorizing user folder may not be the one adequate for the object being accessed.

However, part of the access check is the verification that the object is governed by the authorizing user folder (this means the object must be at or below the folder containing the authorizing user folder). If this verification fails and the access was protected in the first place, then access will be denied.

Thus, acquisition fakes should not be able to give a user higher privileges on an object than it would get by a user folder which governs the object.

Summary: Only your "Portal" user folder can give "CPM" privileges higher than the one granted by the "CPM" user folder. User folders of other "CPM"s cannot do this.

--
Dieter
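
The check described in the reply above, sketched as a small stand-alone model. It is an added example, not part of the original message and not Zope's own code. The `Node` class, the `traverse`, `governs` and `authorize` helpers, the `admin` user, and the `doc` and `secret` objects are constructed for illustration; acquisition is reduced to a lookup in the containers of the current object.

```python
# Simplified model of the check described above; not Zope's own code.
class Node:
    def __init__(self, name, parent=None, users=None):
        self.name, self.parent, self.children = name, parent, {}
        self.users = users or {}   # this folder's user folder: {user: roles}
        if parent is not None:
            parent.children[name] = self

    def physical_path(self):
        node, parts = self, []
        while node is not None:
            parts.append(node.name)
            node = node.parent
        return tuple(reversed(parts))

def traverse(root, url):
    """Resolve a URL; a name missing locally is acquired from containers."""
    chain = [root]
    for name in url.strip("/").split("/"):
        node = chain[-1]
        while node is not None and name not in node.children:
            node = node.parent
        if node is None:
            raise KeyError(name)
        chain.append(node.children[name])
    return chain

def governs(folder, obj):
    """True if obj is at or below the folder holding the user folder."""
    fp = folder.physical_path()
    return obj.physical_path()[:len(fp)] == fp

def authorize(root, url, user, role):
    """Return the name of the folder whose user folder grants access, or None."""
    chain = traverse(root, url)
    obj = chain[-1]
    for folder in reversed(chain[:-1]):      # nearest user folder first
        if role in folder.users.get(user, ()) and governs(folder, obj):
            return folder.name
    return None

# Constructed site layout mirroring the thread's scenario.
portal = Node("portal", users={"admin": {"RoleWithMuchPrivileges"}})
cpm1 = Node("cpm1", portal, {"User1": {"RoleWithMuchPrivileges"}})
cpm2 = Node("cpm2", portal, {"User1": {"RoleWithFewPrivileges"}})
Node("doc", cpm1)
Node("secret", cpm2)   # assumed to require RoleWithMuchPrivileges
```

With this layout, `authorize(portal, "cpm1/cpm2/secret", "User1", "RoleWithMuchPrivileges")` returns `None`: the URL resolves through acquisition, but the `cpm1` user folder does not govern `secret`, so its roles are not counted.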