You are not logged in Log in Join
You are here: Home » Members » jim » ZopeSecurity » Zope-2.1.6-Policy

Log in
Name

Password

 
 

History for Zope-2.1.6-Policy

??changed:
-
Example policy: DTML (Zope 2.1.6)

  - If an access name begins with 'aq_', then access is always
    allowed if the name is 'aq_parent' or 'aq_explicit' and always
    disallowed otherwise.

  - If an accessed value doesn't have a '__roles__' attribute and
    the place it came from doesn't have and can't acquire a
    '__roles__' attribute, then access is denied if the
    value was acquired and denied otherwise.

    MichelP -- I'm not sure if this is clear Jim, or is the       double negative a typo?

  For brevity, define 'roles' to be the accessed value's
  '__roles__', if present or the (possibly acquired) '__roles__'
  of the object the accessed value came from.

  - If the AUTHENTICATED_USER has any of the roles or the
    outermost DTML methods's proxy roles include any of the     roles,
    then access is granted, otherwise, access is denied.