[Zope] Non-existing Zope-Security!!!

Tim Cook twcook@iswt.com
Fri, 13 Oct 2000 06:28:10 -0500


Stephan Goeldi wrote:
> 
> OK let me state that I don't think so (subject line). I had to choose this
> subject because it seems to me that nobody was interested in my previous
> attempts to get information about my problem. So here is my newbie (?)
> question again:
> 
> I have the folders:
> 
> /www/folder1
> /www/folder2
> 
> Apache redirects domain1 to folder1 and domain2 to folder2.
> The manager of folder1 is able to browse to /www and see what folders exist
> there. He shouldn't, because he only exists in the acl_user of /www/folder1.
> He can even look into the folder /www/folder2 (but not into the objects).
> 
> Is it possible to disable the access for the folder1-manager above folder1?
> It doesn't seem so to me. If it really isn't possible, there is no security at
> all for ISP uses of Zope. But I'm sure there should be a possibility.
> 
> I even created a local role in /www/folder1 too. Even with the local role I
> can browse /www and /www/folder2!
> 
> Any suggestions?

Create the user in the top level folder that they are allowed to see.
Not in the /www folder.

HTH,
-- Tim Cook --
Cook Information Systems | Office: (901) 884-4126 8am-5pm CDT
Free Practice Management 
Project Coordinator http://www.freepm.org
OSHCA Founding Supporter http://www.oshca.org