gf wrote:

I am relatively new to Zope and have a question regarding acl_user folders.

I am trying to prevent 'view' access to an acl_users folder that I
have created in a non-root area of my website.

I have used the management interface Security tab to uncheck the
'Acquire permission settings' for the 'View' Permission and have
enabled View for the Manager role only.

I have taken the same actions for my root acl_users folder as well.

When I browse to http://mysite/myfolder/acl_users, I am presented with
a view of the index_html file contained within myfolder, with the <dtml-var title_or_id> 'output' indicating that it is 'User Folder'.

Why is acl_users making use of the container's index_html? Is there a
way to limit even View access to this folder?



Thats normal zope acquisition. When you access a folder with no viewable object it goes *up* in search of something to acquire and index_html is implied. Authorization occurs when something is about to be published or accessed - not just typed in a URL.


Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to