Example policy: DTML (Zope 2.1.6)

  • If an access name begins with aq_, then access is always allowed if the name is aq_parent or aq_explicit and always disallowed otherwise.
  • If an accessed value doesn't have a __roles__ attribute and the place it came from doesn't have and can't acquire a __roles__ attribute, then access is denied if the value was acquired and denied otherwise.
    I'm not sure if this is clear Jim, or is the double negative a typo?

For brevity, define roles to be the accessed value's __roles__, if present, or otherwise the (possibly acquired) __roles__ of the object the accessed value came from.

  • If the AUTHENTICATED_USER has any of the roles, or the outermost DTML method's proxy roles include any of the roles, then access is granted; otherwise, access is denied.
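
The three rules above, written out as a decision function. This is an added example, not Zope's own code: check_access, effective_roles and their parameters are hypothetical names, and a missing __roles__ is modelled as None. The second rule is implemented exactly as worded on this page, so a value with no roles anywhere is denied whether or not it was acquired.

```python
# Added illustration of the policy on this page; not Zope source code.
# Assumption: "no __roles__ attribute" is modelled as None, and
# container_roles is None when the container has none and can acquire none.

ALLOWED_AQ_NAMES = {"aq_parent", "aq_explicit"}


def effective_roles(value_roles, container_roles):
    """The page's 'roles': the value's own __roles__ if present, otherwise
    the (possibly acquired) __roles__ of the object the value came from."""
    return value_roles if value_roles is not None else container_roles


def check_access(name, value_roles, container_roles, user_roles, proxy_roles=()):
    """Return True if the policy grants access to `name`.

    user_roles:  roles held by AUTHENTICATED_USER
    proxy_roles: proxy roles of the outermost DTML method
    """
    # Rule 1: aq_ names are decided by name alone, before any role check.
    if name.startswith("aq_"):
        return name in ALLOWED_AQ_NAMES

    # Rule 2: no roles on the value and none reachable from its container.
    # The page words this as "denied" for acquired and non-acquired values
    # alike, so no acquired/not-acquired flag is needed here.
    roles = effective_roles(value_roles, container_roles)
    if roles is None:
        return False

    # Rule 3: grant if the user or the proxy roles share any required role.
    required = set(roles)
    return bool(required & set(user_roles)) or bool(required & set(proxy_roles))


if __name__ == "__main__":
    # Constructed cases: (name, value roles, container roles, user, proxy)
    cases = [
        ("aq_parent", None, None, [], []),
        ("aq_inner", ["Manager"], None, ["Manager"], []),
        ("index_html", None, None, ["Manager"], []),
        ("index_html", None, ["Manager"], ["Manager"], []),
        ("index_html", ["Manager"], ["Anonymous"], ["Anonymous"], []),
        ("index_html", ["Manager"], None, ["Anonymous"], ["Manager"]),
    ]
    for case in cases:
        print(case, "->", "granted" if check_access(*case) else "denied")
```
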