[Zope-CMF] Security Bug in CMF???

Marc Fischer marcbpc@gmx.de
Mon, 24 Sep 2001 11:41:01 +0200 (MEST)


Hello, 

I have a big problem with excluding anonymous people from my CMF
site. I really hope that one of you is able to give me a hint! ...pleassseeee
:-)

So, I want to forbid anonymous access to my CMF site. That's it! Now the
problem:

I followed the hints on cmf.zope.org:

1. I unchecked the "acquire permission settings" of "access contents
information" for the portal and only assigned it to managers and members.

2. I did the same for the "view" permission. 

3. Then I made the login_form accessible for anonymous users, so that they
are able to log in!

So far so good. Now the problem:

If a member creates, for example, a new document, an error appears in
the security settings of this document. Although it is still in private state,
the view permission of this object is assigned to members, too!!! That's a big
bug!!!
If I undo point 2 from above, this error does not appear.

I really hope that one of you guys can help me with that problem! I
would be very grateful!

I can reproduce this bug without any problem :-(. Btw, I use Zope 240 with
CMF 1.1 on Red Hat 7.

Thanks in advance, 
Marc
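
The three steps listed in the message, as a simplified model of Zope-style permission acquisition with an audit of what Anonymous can still reach. This is an added example, not part of the original post and not Zope or CMF code; the `Node` class, the helper functions, the site layout and the root defaults are constructed for illustration.

```python
# Simplified model of per-object permission settings with an "acquire" flag.
# Assumption: the root grants both permissions to Anonymous, as a stock site would.
PERMS = ("View", "Access contents information")

class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.children, self.settings = [], {}
        if parent is not None:
            parent.children.append(self)

    def set_permission(self, permission, roles, acquire):
        self.settings[permission] = (frozenset(roles), acquire)

    def effective_roles(self, permission):
        """Union local roles with each parent's until 'acquire' is unchecked."""
        roles, node = set(), self
        while node is not None:
            local, acquire = node.settings.get(permission, (frozenset(), True))
            roles |= local
            if not acquire:
                break
            node = node.parent
        return roles

def audit(start, permission, role="Anonymous"):
    """Return sorted paths under `start` where `role` holds `permission`."""
    hits, stack = [], [(start, start.name)]
    while stack:
        node, path = stack.pop()
        if role in node.effective_roles(permission):
            hits.append(path)
        stack.extend((c, path + "/" + c.name) for c in node.children)
    return sorted(hits)

def build_portal(locked_down):
    """Constructed site: root -> portal -> {login_form, Members}."""
    root = Node("root")
    for p in PERMS:
        root.set_permission(p, ["Anonymous", "Manager"], acquire=False)
    portal = Node("portal", root)
    login_form, _members = Node("login_form", portal), Node("Members", portal)
    if locked_down:
        for p in PERMS:
            # Steps 1 and 2: uncheck acquire on the portal, grant to Manager/Member.
            portal.set_permission(p, ["Manager", "Member"], acquire=False)
            # Step 3: re-open only the login form to Anonymous.
            login_form.set_permission(p, ["Anonymous"], acquire=True)
    return portal
```

Running `audit()` for each permission after a change like this shows which objects remain reachable without logging in; only the login form should be listed.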