[Zope] Zope Permissions

Nikko Wolf nikko-wolf at earthlink.net
Wed Jun 8 19:22:36 EDT 2005


Dieter Maurer wrote:

>Nikko Wolf wrote at 2005-6-7 14:25 -0600:
>  
>
>>- I do not want ANY access by unauthorized users. Obviously they
>>  must be able to reach a login page, and get instructions on how
>>  to request an account, password reset, etc.
>>    
>>
>
>Put all content in a subfolder of your site and
>remove "View" and "Access contents information" from
>"Anonymous".
>  
>
I have a Plone instance named "/Home" -- do you mean that or a subfolder 
of it?

But of course, this killed my entire Plone installation.

I did as you suggested but (in hindsight stupidly!) did not ensure that 
anyone else had permissions to "View" and "Access contents information" 
-- so even logged in as a Manager I could not access the "/Home" folder 
-- including the Security tab where I would go to fix the problem.  
Which seems like a design flaw, but....

Fortunately, http://www.zope.org/Documentation/Misc/SECURITY.txt/view 
explains about using the emergency user via "zpasswd.py" script, so I 
fixed things but not until after a good bit of elevated blood pressure 
and a lot of profanity.

But this brings me to an issue I found weeks ago.    Whilst trying to 
restrict access, I find that with an non-manager user:
   http://myhost.com:8080/Home/  --- shows the root Plone page just as 
desired
   http://myhost.com:8080/Home   --- shows an "insufficient privileges" 
page (note the lack of a trailing slash).

Any one have ideas why this is, or how to fix this?

Regards,
Nikko

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20050608/be545500/attachment.htm


More information about the Zope mailing list