On Saturday 24 November 2001 01:40, Andre Schubert wrote:
root/
index_html
foo/
acl_users/
bar/
Image
I have a image which could only be view by users with a role named
foobar, these users are in acl_users.
If i access the image through the web a must authenticate
Danny William Adair schrieb:
On Saturday 24 November 2001 01:40, Andre Schubert wrote:
root/
index_html
foo/
acl_users/
bar/
Image
I have a image which could only be view by users with a role named
foobar, these users are in acl_users.
If i access the
This doesn't work, because the user it not known in root where the
index_html is,
the user is known in the folder view.
Sorry.
I think I read your first email a little too fast.
This behavior is normal, and meant to strengthen Zope security.
You are not calling the Image object, index_html
Tim McLaughlin wrote:
root has a role called 'User' with 'View' permissions (anonymous is
disabled) and acl_users has a user called joe. joe can access objects in
folder2 according to the permissions set on the root by using acquisition
like this:
http://server/folder1/folder2/object1
joe
It seems to me that a User should not get to keep their roles in the
acquired objects which are above the User Folder in which the user is
defined... However, that does not seem to be true according my testing.
This is what happens. Imagine a tree like this
root-folder1-acl_users
