[Zope-dev] Security Question
flynt
flynt@gmx.ch
Fri, 23 Nov 2001 13:54:32 +0100
Andre Schubert wrote:
>
> Hi all,
>
> i have a little security problem.
> let me explain.
>
> root/
> index_html
> foo/
> acl_users/
> bar/
> Image
>
> I have a image which could only be view by users with a role named
> foobar, these users are in acl_users.
> If i access the image through the web a must authenticate myself for the
> first time, after that everything works well.
> But if i want to access the Image via <dtml-var Image> from the
> index_html in the root-folder a got no access.
> After searching at Zope.org i tested with <dtml-var
> "restrictedTraverse('')"> but this doesnt works.
> How do i authenticate myself in foo if i access the folder via dtml.
>
> Thanks as
>
> P.S.: Sorry for my bad english
>
>
Hi Andre
How about in index_html:
<dtml-with foo/bar>
<dtml-var image>
</dtml-with>
and give a proxy role to the method (however I would not give a proxy
role to index_html but use a separate methode which then is
called/included in index_html).
(I think this question would fit better to the zope@zope.org mailing
list than to this one ;-)
Regards
--- Flynt