Robin Becker writes:
How can I find out exactly what is causing my security permissioning to fail.
I have put extra stuff into ZPublisher\BaseRequest.py at line 463 so I know that I'm failing on
UnauthorizedYou are not authorized to access this resource. URL='http://192.168.0.4:7080/live/index_html' No Authorization header found.
I am an anonymous user. Even when I make /live have the same permissions as the manager I can't make it work. index_html is a dtml method of the class of which live is an instance.
How can I figure out what is blocking the anonymous access. The URL traversal in "ZPublisher.BaseRequest.traverse" led to a "roles" assignment with a non-"None" value. This triggers authentication checking. Annonymous did not have one of the necessary roles.
I would probably check, what "roles" are determined during traversal. Apparently, your "live" is a Z instance. It is quite easy to forget the ZClass permission mapping (or get it wrong). This may lead to strange permission problems. Dieter