[Zope-CMF] Can I prevent anonymous access to only some of the files on a site

Barbara Harris b.harris at bbk.ac.uk
Tue Apr 12 07:00:09 EDT 2005


A small number of the files and documents on a Zope 2.6.4 CMF site,
running through Apache, should be available only to Zope members
(managers and owners).  I have placed all these objects in a
portal_folder called 'restricted'.  On the restricted folder I have
deselected 'Acquire permission settings?' and selected Manager, Member,
and Owner roles only on the following permissions:

 

- Access contents information 

- View

 

All the files and documents in the restricted folder have been published
via the default_workflow (Simple Review / Publish Policy) i.e. on the
View permission each object's 'Acquire permission settings?' is
deselected and the Anonymous, Manager and Owner roles are selected.

 

If a document elsewhere on the site contains a hypertext link to a
DOCUMENT in the restricted folder, anonymous users are prompted to login
to the site when they select the link - this is what I want.  However, a
hypertext link to a FILE published in the restricted folder triggers the
Windows file download window and allows an anonymous user to download
the file.  NB if I add '/view' to the end of a file hypertext link
anonymous users are prompted to login to the site when they select the
link.

 

It would appear that removing anonymous access to the 'Access contents
information' permission on a folder prevents anonymous users accessing
the folder, documents, and DTML methods from that folder, but does not
prevent the file download function being triggered by the URL of a file
in the same folder.  Is this observation correct?

 

Is it possible to set the permissions on only one of many site folders,
to prevent the file download function being triggered by anonymous
users?

Or 

Is there a way to apply a workflow that deselects the anonymous role and
selects the member role on the objects in only one of many folders on a
site?

Or

Is there another solution to preventing anonymous access to only some of
the files on a site?

 

Regards,

Barbara Harris

Web Team

Birkbeck, University of London

Tel: 020 7631 6566

Email: b.harris at bbk.ac.uk

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope-cmf/attachments/20050412/8e4d6553/attachment.htm


More information about the Zope-CMF mailing list