[Zope3-Users] Re: Denying permissions for 'everybody' - which
principals to use?
Stephan Richter
srichter at cosmos.phy.tufts.edu
Tue Dec 13 14:54:05 EST 2005
On Friday 02 December 2005 18:03, Jeff Shell wrote:
> Nobody knows? I'm bouncing this up to see if anyone has any input yet.
> I had some other projects come up that put this on hold for a bit, but
> just now looking at the code I realized I still need help. And before
> I go through the joys of experimentation this weekend or early next
> week with all of the combinations I ask here, I thought I'd float this
> by again. The summary of what I say below is: I don't know how to
> programatically deny zope.View to everybody. The implementation I
> currently have challenges the visitor but then still allows access to
> the object in question even if the HTTP auth challenge box is canceled
> out of.
Oh yeah, and make sure that none of your other ZCML gives anonymous certain
access.
I think a Python session debugging the security check would be good as well.
Maybe you should start writing a small doctest setting up the interaction and
the views and the security and see what you get and get not working. It is
much easier to reason about Python code. :-)
Regards,
Stephan
--
Stephan Richter
CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student)
Web2k - Web Software Design, Development and Training
More information about the Zope3-users
mailing list