Here's the situation:
1. I have a user with default permissions, and local permissions to
View an object in my site (by default, users can only view folders but
not documents).
2. I copy the folder that contains that document and paste it in
another location. It seems this copies most of the object, but does
not keep the local roles or references. That's fine.
3. I have a custom page template that displays documents recursively
to see all objects at all levels below a given object. This code uses
the catalog.
The problem is, when I try to view the folder that contains the pasted
folder, I get an Unauthorized error. This seems correct, at first,
since the user does not have View permissions on the copied documents.
But the reason I'm getting the error is because the catalog query is
still returning the copied objects as part of the result, even though
the user has no permissions on them. The catalog usually
automatically filters out results that the current user does not have
the View permission on, so these entries should not be in the catalog.
If I assign a local role to the user, then unassign it, the security
issue is fixed because the copied objects no longer show up in the
catalog results. I need to find a way to either:
- copy any local roles on objects that are copied (recursively), or
- find out why the copied objects are showing up in the catalog results.
Any thoughts?
Dave
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play:
http://sourceforge.net/geronimo.php_______________________________________________
Plone-users mailing list
Plone-users@...
https://lists.sourceforge.net/lists/listinfo/plone-users
