[Zope] Security and containment (was Re: [Zope] Acquisition? Did I just lose my Zen?)
Jim Fulton
jim@digicool.com
Tue, 21 Sep 1999 12:30:59 +0000
Rik Hoekstra wrote:
>
(snip)
> I have a folder
>
> /
>   index_html
>
>   login/
>     index_html
>
>     userfolder/
>       user1
>
>   somethingelse/
>     stillsomethingelse/
>
> Now calling a url like somethingelse/stillsomethingelse/login/
> gives the index_html from login, as it should. But if I set security in the
> userfolder under login to a role associated with user1, acquisition will not
> work as (I) expected. User1 will authenticate against a straight url login/,
> but it will not against somethingelse/stillsomethingelse/login/. User1
> _will_ authenticate if he is in a userfolder in /
This is a function of the Zope security model.
A user is not allowed to access a protected resource
outside of the containment hierarchy where the user
is defined.
> Does this mean that acquisition does not (always) work between objects that
> are on a same level
This is a feature of the security model, not acquisition.
> (if this means something in the ZODB)?
Acquisition and ZODB are entirely independent.
Jim
--
Jim Fulton mailto:jim@digicool.com
Technical Director (888) 344-4332 Python Powered!
Digital Creations http://www.digicool.com http://www.python.org