Hi, On Thu, 2007-08-23 at 08:31 +0200, Adam Groszer wrote: > Hello Christian, > > Thanks, tried that. The problem is when new users "arrive", they get > ModifyContent permission in the site root. Now I shall add a > subscriber for the new_user event or denying ModifyContent from > Authenticated users should be enough? I am still a bit puzzled.
In a similar use-case, yes, I set up all relevant permissions for a `new arrival` using a subscriber - including denying permissions on sub-objects. I felt that being explicit about my security design was a good decision. Hope that helps. Darryl > > Thursday, August 23, 2007, 7:12:12 AM, you wrote: > > > Am Mittwoch, den 22.08.2007, 21:00 +0200 schrieb Adam Groszer: > >> Hello, > >> > >> Is there a sane way to stop permission propagation to sublocations? > >> Let's say I have a site, and somewhere below there is a folder as a > >> trashcan, unneeded objects get moved to here. Users must not modify > >> objects in the trash. Users usually will get ModifyContent permission > >> at the site level. > >> The easiest way seems to stop propagation of the permission > >> ModifyContent at the trashcan level. But how? Anybody done something > >> like this already? > > > Permissions can be set to 'yes' or 'no' or be 'unset'. Using those three > > states in combination with the default 'propagation' should give you > > what you want. If you set 'ModifyContent' to 'No' on the trash and the > > content's permission is not explicitly set then that should fit your > > situation. > > > Christian > > _______________________________________________ Zope3-dev mailing list Zope3-dev@zope.org Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com