On 2/24/06, David <[EMAIL PROTECTED]> wrote: > gf wrote: > > >Hi, > >I am relatively new to Zope and have a question regarding acl_user folders. > > > >I am trying to prevent 'view' access to an acl_users folder that I > >have created in a non-root area of my website. > > > >I have used the management interface Security tab to uncheck the > >'Acquire permission settings' for the 'View' Permission and have > >enabled View for the Manager role only. > > > >I have taken the same actions for my root acl_users folder as well. > > > >When I browse to http://mysite/myfolder/acl_users, I am presented with > >a view of the index_html file contained within myfolder, with the > ><dtml-var title_or_id> 'output' indicating that it is 'User Folder'. > > > >Why is acl_users making use of the container's index_html? Is there a > >way to limit even View access to this folder? > > > >Thanks. > > > >-g > > > > > gf, > > Thats normal zope acquisition. When you access a folder with no > viewable object it goes *up* in search of something to acquire and > index_html is implied. Authorization occurs when something is about to > be published or accessed - not just typed in a URL. > > David > >
Hi David, I appreciate the clear explanation. That certainly makes sense. Does that mean, then, that it is not really possible to limit view access like I want without some 'extraordinary' measures? Is it possible to have this particular folder type acquire some other object instead of index_html? I suppose if I could redirect to another folder that would be sufficient. Thanks. -g _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )