bruno modulix wrote:
Sébastien Vinot wrote:
Continuing to investigate my problem
Which is ?-)
I get now this error " You are not allowed to access 'aq_inner' in this context " for one specific user.
I've read that aq_inner is the aquisition system : how is it possible not to have rights on it ?
UTSL !-)
AFAIK, aq_self, aq_parent, aq_inner, etc, are under control of the security mechansim and are not accessible from the 'restricted' environment (scripts, ZPT, DTML etc.). You can only use'em from Products or External Methods.
Actually, the ZopeSecurity policy normally prohibits accessfrom untrusted code to any acquisition methods *except* 'aq_parent', 'aq_inner', and 'aq_explicit' (search $ZOPE_HOME/lib/python/AccessControl/ImplPython.py for 'valid_aq'). The exceptions then go through the "normal" validation process. Try adding Shane Hathaway's VerboseSecurity product to your Zope (while debugging such issues); it often gives you many more clues to what triggers and Unauthorized exception: http://hathawaymix.org/Software/VerboseSecurity Tres. -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com