[Zope] Anonymous users can download files stored in a restricted folder

Barbara Harris b.harris at bbk.ac.uk
Mon Apr 11 08:27:25 EDT 2005 

Is it possible to restrict access to the file download function by
setting permissions on the folder containing a published file?

 

In a Zope 2.6.4 CMF site, running on Apache, I have removed anonymous
access from a portal folder (the restricted folder) and published
documents and files in that folder.  If a document elsewhere on the site
contains a hyper link to a DOCUMENT in the restricted folder, anonymous
users are prompted to login to the site when they select the link - this
is what I want.  However, a hyper link to a FILE published in the
restricted folder triggers the Windows file download window and allows
an anonymous user to download the file.  

 

Without introducing special procedures, I would like to provide the
content owner with the facility to publish files in the restricted
folder, and create hyperlinks to these files throughout the site that
can only be accessed via Zope members.  

 

Initially I restricted the folder by deselecting 'Acquire permission
settings?' and selecting Manager and Member roles only on the following
permissions:

 

- Access contents information 

- View

 

Subsequently I deselected and reset the roles on all the (restricted
folder's) permissions allocated to the Anonymous role at Zope instance
and site level, but it made no difference.

 

Tacking 'view' onto the end of the file url works, but this requires
additional user intervention and an extra step in the download, so I'd
rather find a once-off permissioning solution if I can i.e.

 

http://myCMFsite/myRestrictedFolder (loads the login page - desired
result)

http://myCMFsite/myRestrictedFolder/myPublishedDocument (loads the login
page - desired result)

http://myCMFsite/myRestrictedFolder/myPublishedFile (triggers the
Windows file download window - not acceptable)

http://myCMFsite/myRestrictedFolder/myPublishedFile/view (loads the
login page - desired result)

 

The content owners' platform is IE6 or Firefox1 running on Windows 2000
or XP.

 

Regards,

Barbara Harris

Web Team

Birkbeck, University of London

Email: b.harris at bbk.ac.uk <mailto:b.harris at bbk.ac.uk> 

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20050411/f68f9a42/attachment.htm

More information about the Zope mailing list