[Zope] Local roles and acquisition
Etienne Labuschagne
elabuschagne@gmsonline.co.za
Wed, 23 Apr 2003 10:01:20 +0200
I have the following problem regarding local roles and acquisition:
Folder structure:
A------B------index_html
|
----worker
A and B are folders, worker is an object with some handy methods. These
methods are declared protected with security.declareProtected('Manage
properties').
The index_html in B uses some of the functions in worker, so whoever is
using index_html must have a role that has the permission 'Manage properties'.
When I assign a local role to someone in folder B that has the permission
'Manage properties', I still cannot access the protected methods in
worker. Also, trying to do things like http://mysite/A/B/worker/someMethod
or http://mysite/A/worker/B/someMethod doesn't work (I get the login box.)
How does Zope resolve security when using acquisition to access
methods. Proxy roles won't help as I am using a product and in this case,
index_html is a skin method in a CMF site, so I can't assign a proxy role
to index_html.
Thanks
Etienne.