Different acces to private folder in Plone 2.1

classic Classic list List threaded Threaded
6 messages Options
Lucafbb Lucafbb
Reply | Threaded
Open this post in threaded view
|

Different acces to private folder in Plone 2.1

Hi all.
 
Working on a plone 2.1 site, I found that, if I create a folder, set it to private and then I try to access inner content of that folder with an unauthorized user, I'm able to search for this content type (ok) but I'm also able to view it (Not ok at all)!
 
 
Thinking of a problem in my portal, I repeat the test on a completly new and empty Zope 2.8.2 instance and Plone 2.1.1 site:
 
- I create a folder in the root
- I make it private
- I insert a document in the new folder
 
Now I access to the portal with anonymous user... I'm able to search and read the document.
 
I see also the whole path to the document WITHOUT the folder, so It's looks like that the document is in the root.
 
If I try to access the folder directly, then I get the expected error "Unauthorized".
 
I try to post this bug (if it is) to the Issues Tracker in plone.org, but I fear that this is only a new method of work of Plone 2.1 (but is this possible?!?).
 
I need help, or explanations!
Sébastien Verbois Sébastien Verbois
Reply | Threaded
Open this post in threaded view
|

Re: Different acces to private folder in Plone 2.1

It's not a bug.

It's because your document is in the "visible" (Public Draft) state.

The "visible" and "published" documents are always visible by anonymous.

You can understand this if you look at the permissions of the "visible"
state of the "plone_worflow".
(portal_workflow/plone_workflow/states/visible/manage_permissions)
Anonymous has  "Access contents information" and "View" permissions when
a document is "visible".

Solution : Make the document "private" or change the workflow.








-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
RedTurtle RedTurtle
Reply | Threaded
Open this post in threaded view
|

Re: Re: Different acces to private folder in Plone 2.1

But this is VERY different from Plone 2.0

In Plone 2.0, I can always search for a visible document, even if is in a private folder, BUT I can't access it.
I get the Unauthorized!

I find this a bad thing...
If I admin a site, and I want to set an entire site section (aka: a folder with thousands content type inside), what I must do? Set all the content type inside the folder at private? And how I can turn back the their original state after?

On 10/20/05, sve <[hidden email]> wrote:
It's not a bug.

It's because your document is in the "visible" (Public Draft) state.

The "visible" and "published" documents are always visible by anonymous.

You can understand this if you look at the permissions of the "visible"
state of the "plone_worflow".
(portal_workflow/plone_workflow/states/visible/manage_permissions)
Anonymous has  "Access contents information" and "View" permissions when
a document is "visible".

Solution : Make the document "private" or change the workflow.








-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users

Jip Jip
Reply | Threaded
Open this post in threaded view
|

Re: Re: Different acces to private folder in Plone 2.1

In the workflow configuration, disable Anonymous to "Access content information" and "View", and enable "Acquire permission settings" in the "visible" state.
All documents with this workflow will inherit the permission settings from the parent folder.
 
----- Original Message -----
Sent: Thursday, October 20, 2005 1:35 PM
Subject: Re: [Plone-users] Re: Different acces to private folder in Plone 2.1

But this is VERY different from Plone 2.0

In Plone 2.0, I can always search for a visible document, even if is in a private folder, BUT I can't access it.
I get the Unauthorized!

I find this a bad thing...
If I admin a site, and I want to set an entire site section (aka: a folder with thousands content type inside), what I must do? Set all the content type inside the folder at private? And how I can turn back the their original state after?

On 10/20/05, sve <[hidden email]> wrote:
It's not a bug.

It's because your document is in the "visible" (Public Draft) state.

The "visible" and "published" documents are always visible by anonymous.

You can understand this if you look at the permissions of the "visible"
state of the "plone_worflow".
(portal_workflow/plone_workflow/states/visible/manage_permissions)
Anonymous has  "Access contents information" and "View" permissions when
a document is "visible".

Solution : Make the document "private" or change the workflow.








-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users

Alexander Limi Alexander Limi
Reply | Threaded
Open this post in threaded view
|

Re: Re: Different acces to private folder in Plone 2.1

In reply to this post by RedTurtle
Try this:

http://plone.org/documentation/how-to/make-permission-settings-inherit

On Thu, 20 Oct 2005 04:35:36 -0700, RedTurtle  
<[hidden email]> wrote:

> But this is VERY different from Plone 2.0
>
> In Plone 2.0, I can always search for a visible document, even if is in a
> private folder, BUT I can't access it.
> I get the Unauthorized!
>
> I find this a bad thing...
> If I admin a site, and I want to set an entire site section (aka: a  
> folder
> with thousands content type inside), what I must do? Set all the content
> type inside the folder at private? And how I can turn back the their
> original state after?
>
> On 10/20/05, sve  
> <[hidden email]> wrote:
>>
>> It's not a bug.
>>
>> It's because your document is in the "visible" (Public Draft) state.
>>
>> The "visible" and "published" documents are always visible by anonymous.
>>
>> You can understand this if you look at the permissions of the "visible"
>> state of the "plone_worflow".
>> (portal_workflow/plone_workflow/states/visible/manage_permissions)
>> Anonymous has "Access contents information" and "View" permissions when
>> a document is "visible".
>>
>> Solution : Make the document "private" or change the workflow.
>>
>>
>>
>>
>>
>>
>>
>>
>> -------------------------------------------------------
>> This SF.Net email is sponsored by:
>> Power Architecture Resource Center: Free content, downloads,  
>> discussions,
>> and more. http://solutions.newsforge.com/ibmarch.tmpl
>> _______________________________________________
>> Plone-users mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/plone-users
>>



--
_____________________________________________________________________

      Alexander Limi · Chief Architect · Plone Solutions · Norway

  Consulting · Training · Development · http://www.plonesolutions.com
_____________________________________________________________________

       Plone Co-Founder · http://plone.org · Connecting Content
   Plone Foundation · http://plone.org/foundation · Protecting Plone



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
Alexander Limi · http://limi.net

Steve Granger Steve Granger
Reply | Threaded
Open this post in threaded view
|

Re: Re: Re: Different acces to private folder in Plone 2.1

Hi All,

I want to know if there is some (graphical) documenation relating to how
these permissions/workflows relate to what you see/access as a plone
website user.

I took on the role of maintaining a plone 2.04 site and was given the
task of creating user/groups/members only access to certain folders of
the site. After spending two weeks poking around plone it all seems like
a bit of a black art. Maybe I'm not looking at the right howtos or
turtorials for what I wanted to.

Unfortunately the documentation relating to what I thought I wanted to
do, listed on the plone site is unvailable i.e.

http://plone.org/documentation/how-to/simple-intranets

" Create a simple "members-only" section of your site
     A simple recipie for creating a section of your site that is
available only to certain groups of members, and completely hidden from
others. Developed using Plone 2.0.5, not tested with Plone 2.1. "

I don't have the permissions to access it. I'm assuming it has been
retracted seeing it's out of date and doesn't relate to plone 2.1.

Thanks to sebastien, Jose and Limi for offering hints on how to
implement these permissions for folders. This is one of the better/best
lists I have subscribed to.

-- Steve



Alexander Limi wrote:

> Try this:
>
> http://plone.org/documentation/how-to/make-permission-settings-inherit
>
> On Thu, 20 Oct 2005 04:35:36 -0700, RedTurtle  
> <[hidden email]> wrote:
>
>> But this is VERY different from Plone 2.0
>>
>> In Plone 2.0, I can always search for a visible document, even if is in a
>> private folder, BUT I can't access it.
>> I get the Unauthorized!
>>
>> I find this a bad thing...
>> If I admin a site, and I want to set an entire site section (aka: a  
>> folder
>> with thousands content type inside), what I must do? Set all the content
>> type inside the folder at private? And how I can turn back the their
>> original state after?
>>
>> On 10/20/05, sve  <[hidden email]> wrote:
>>
>>>
>>> It's not a bug.
>>>
>>> It's because your document is in the "visible" (Public Draft) state.
>>>
>>> The "visible" and "published" documents are always visible by anonymous.
>>>
>>> You can understand this if you look at the permissions of the "visible"
>>> state of the "plone_worflow".
>>> (portal_workflow/plone_workflow/states/visible/manage_permissions)
>>> Anonymous has "Access contents information" and "View" permissions when
>>> a document is "visible".
>>>
>>> Solution : Make the document "private" or change the workflow.
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> -------------------------------------------------------
>>> This SF.Net email is sponsored by:
>>> Power Architecture Resource Center: Free content, downloads,  
>>> discussions,
>>> and more. http://solutions.newsforge.com/ibmarch.tmpl
>>> _______________________________________________
>>> Plone-users mailing list
>>> [hidden email]
>>> https://lists.sourceforge.net/lists/listinfo/plone-users
>>>
>
>
>



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Plone-users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users