[Zope] Security framework troubles
Anders Bruun Olsen
anders at bruun-olsen.net
Fri May 6 12:19:25 EDT 2005
Hi,
I am attempting to make a zope product (a custom book-database for use
by my employer) and of course want to secure it. I have added this code
to my class:
security = ClassSecurityInfo()
security.setDefaultAccess("deny")
security.declareProtected("View Bookbase", "index_html")
security.declareProtected("View Bookbase", "standard_page")
security.declareProtected("View management screens", "manage_main")
And also of course InitializeClass(Bookbase)
When the template tries to access container/title an access denied
expection is raised. With VerboseSecurity I get this explanaition:
Unauthorized: The container has no security assertions. Access to
'title' of (Bookbase at /bookbase) denied.
What exactly am I missing here?
It works if I do setDefaultAccess("allow"), but I don't want to allow
access by default and then just deny for those I know I want to deny
access to. I want it the other way around.
--
Anders
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/O d--@ s:+ a-- C++ UL+++$ P++ L+++ E- W+ N(+) o K? w O-- M- V
PS+ PE@ Y+ PGP+ t 5 X R+ tv+ b++ DI+++ D+ G e- h !r y?
------END GEEK CODE BLOCK------
PGPKey: http://random.sks.keyserver.penguin.de:11371/pks/lookup?op=get&search=0xD4DEFED0
More information about the Zope
mailing list