Brenda Bell wrote at 2008-5-13 13:27 +0000:
In article <b311b-news-555B7E.01592813052008@news.gmane.org>, Brenda Bell <b311b-news@theotherbell.com> wrote:
What I can't seem to do is get the permissions right such that a user in the Editor role can add new External Files.
I've checked every box on the Security tab for the Editor role. Users in the Editor role can view and modify existing ExternalFile's but still cannot add new ones.
I enabled VerboseSecurity and I see this in my console window when I try to add an ExternalFile when logged in as a user who is assigned the Editor role:
2008-05-13 13:12:55 ERROR Zope.SiteErrorLog http://localhost:8090/foo/manage_addProduct/ExternalFile/manage_addObject ViaGui Traceback (innermost last): Module ZPublisher.Publish, line 110, in publish Module ZPublisher.BaseRequest, line 596, in traverse Module ZPublisher.HTTPResponse, line 713, in unauthorized Unauthorized: <strong>You are not authorized to access this resource.</strong><p> No Authorization header found.</p>
The "manage_addObject" requires roles for which no user folder in context could identify an appropriate user. You could try to find out in an interactive interpreter (started with "bin/zopectl debug" under "*nix") which roles are required. app.unrestrictedTraverse('foo/manage_addProduct/ExternalFile').manage_addObject__roles__ -- Dieter