Zope-2.1.6-Policy
Example policy: DTML (Zope 2.1.6)
- If an access name begins with
aq_
, then access is always allowed if the name isaq_parent
oraq_explicit
and always disallowed otherwise. - If an accessed value doesn't have a
__roles__
attribute and the place it came from doesn't have and can't acquire a__roles__
attribute, then access is denied if the value was acquired and denied otherwise.- MichelP?
- I'm not sure if this is clear Jim, or is the double negative a typo?
For brevity, define roles
to be the accessed value's
__roles__
, if present or the (possibly acquired) __roles__
of the object the accessed value came from.
- If the AUTHENTICATED_USER has any of the roles or the outermost DTML methods's proxy roles include any of the roles, then access is granted, otherwise, access is denied.