I'm using LoginManager and the loginForm cookie method for security.
I want my login form to use the same standard_html_header, stylesheet
and so on as my system.
My hierarchy is
/
Strader
StyleSheet
acl_Users
loginForm
I've denied anonymous access to Strader and so on, but I want the
loginForm to be able to load standard_html_header, which in turn
references a few things in Strader
Anyway, my loginForm has this:
dtml-with Strader
dtml-var standard_html_header
/dtml-with
I've given the loginForm a proxy role called "Customer"
Customer has full access to Strader and everything in it.
It looks like standard_html_header is rendered, but when
standard_html_header calls StyleSheet and other objects in the Strader
folder, I get the browser login box. Cancelling that shows "access to
StyleSheet denied".
Its as if the proxy role assigned to loginForm is discarded by
standard_html_header, even though I didn't assign
standard_html_header any proxy roles.
Is this a bug, or by design?
--
Also, I see that I have some very strange permissions in my list, looks
like an installed product goofed.
I see this single character permissions.
A C D G Z a d h r s t
Ahh.. Looks like ZGDChart hasn't used a tuple where it should...
Brad Clements,[EMAIL PROTECTED] (315)268-1000
http://www.murkworks.com (315)268-9812 Fax
netmeeting: ils://ils.murkworks.com AOL-IM: BKClements
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
