[Zope] Stupid User Access Question

Bill Anderson bill.anderson@libc.org
Fri, 11 Feb 2000 17:25:23 -0700


"James W. Howe" wrote:
...
> I have a root folder named Foo which contains all the content for my web
> site.  The Foo folder has a user folder defined for it.  I create a new
> role called "registered".  For each subfolder that I want to be publicly
> viewable I simply use the default security level.  For any folder which is
> only accessible to registered users I change the security to prevent
> acquisition of the "Access Contents Information" and instead check it for
> all applicable roles other than anonymous.  For example, I would select it
> for the "registered" role.
> 
> The above seems to cover most of my site, however I still have a
> problem.  My Foo root folder contains several "utility" type
> DTMLMethods.  Under the scheme described above any user could view the
> methods if they typed the appropriate URL.  The key thing is that I want
> the user to be able to view the index_html method, for example, but I don't
> want them arbitrarily accessing other methods.  I suppose I could put my
> utility methods in their own folder, but then accessing them is more
> complicated.  What do most people do to handle this situation?

Do the same thing for View as well for those methods you don't want 'any
user' to access. It is down towards the bottom of the list. 



-- 
In flying I have learned that carelessness and overconfidence are 
usually far more dangerous than deliberately accepted risks. 
          -- Wilbur Wright in a letter to his father, September 1900