[Zope] acquisition, traversal, acl_users and security

Tim Hicks tim@sitefusion.co.uk
Thu, 27 Feb 2003 17:57:36 -0000 (GMT)


Hi all,

I'm having a problem, but first let me explain generally what I'm trying
to do.

I want to provide alternative management screens to those found at
/manage.  The goal is also not to use any additional products that don't
come with a vanilla zope install (actually, I've allowed myself the luxury
of Formulator, but that doesn't matter for these purposes).

So, I've added a folder called 'control' that contains all of my
management screens.  These work pretty nicely (even though I say so myself
;-) ).  Now, users just need to append /control to their url and they get
quite a user friendly editing experience.

In the 'control' security tab, I've left everything on 'Acquire
Permissions' except for 'View', which I've limited to 'Manager' only. 
This works well when the user logging in is defined in an acl_users that
is a sibling of 'control', but does not work when the acl_users is defined
further down the tree and 'control' is being acquired.

e.g.

- site_root_folder
  - acl_users
  - control
  - folder1
    - acl_users

/site_root_folder/control works;
/site_root_folder/folder1/control raises Unauthorized when the user is
defined in site_root_folder/folder1/acl_users instead of
site_root_folder/acl_users.

I did a little searching on this list, and I think I found that this is an
explicit feature of the zope security policy that is designed to stop
people from circumventing security by using url traversal tricks - which I
guess is effectively what I'm trying to do.

So, my questions are:

Is my diagnosis right?
Is there any way around this problem without going to filesystem code?
Does anybody have a suitable __of__ method (or somesuch) that would allow
me to achieve what I want if I do have to use fs code?

cheers,

tim
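
The behaviour described in the message above, as an added sketch that is not part of the original post and is not Zope's own code. It assumes the rule the poster suspects: a user is only accepted for an object that is physically contained in the folder holding that user's acl_users, regardless of the URL used to reach it. The `Node` class, function names and user names are hypothetical.

```python
# Simplified model of containment vs. acquisition context (not Zope source code).
class Node:
    def __init__(self, name, container=None, users=None):
        self.name, self.container = name, container
        self.children = {}
        self.users = users or {}   # stands in for a local acl_users: {user: [roles]}
        if container is not None:
            container.children[name] = self

def traverse(root, path):
    """Resolve a URL path; a name missing locally is acquired from enclosing folders."""
    here, visited = root, [root]
    for name in path.strip("/").split("/"):
        scope = here
        while scope is not None and name not in scope.children:
            scope = scope.container
        if scope is None:
            raise KeyError(name)
        here = scope.children[name]
        visited.append(here)
    return here, visited

def containment_chain(obj):
    """Folders that physically contain obj, innermost first."""
    chain, node = [], obj.container
    while node is not None:
        chain.append(node)
        node = node.container
    return chain

def authorize(root, path, username, role="Manager"):
    obj, visited = traverse(root, path)
    # Authentication: nearest user folder along the URL path that knows the user.
    owner = next((f for f in reversed(visited) if username in f.users), None)
    if owner is None:
        return "Unauthorized: unknown user"
    if role not in owner.users[username]:
        return "Unauthorized: missing role"
    # Authorization: the user folder's container must physically contain the object.
    if owner not in containment_chain(obj):
        return "Unauthorized: user defined outside the object's containment"
    return "OK"

def build_site():
    # Constructed sample tree mirroring the layout in the message; user names are made up.
    root = Node("site_root_folder", users={"root_mgr": ["Manager"]})
    Node("control", root)
    Node("folder1", root, users={"sub_mgr": ["Manager"]})
    return root
```

In this model `/folder1/control` resolves to the same `control` object as `/control`, so the containment check gives the same answer for both URLs and a user defined in `folder1` is refused either way.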