----- Original Message ----- From: "Dieter Maurer" <dieter@handshake.de> To: "Kees de Brabander" <cj.de.brabander@hccnet.nl> Cc: <zope@zope.org> Sent: Thursday, December 15, 2005 5:54 PM Subject: Re: [Zope] user account defined outside context of object being accessed
Kees de Brabander wrote at 2005-12-13 22:40 +0100:
... Module AccessControl.ImplPython, line 449, in validate Module AccessControl.ImplPython, line 774, in raiseVerbose Unauthorized: Your user account is defined outside the context of the object being accessed. Access to 'f1_index' of (Folder at /f1), acquired through (Folder at /f1/f11/f111), denied. Your user account, user1, exists at /f1/f11/acl_users. Access requires one of the following roles: ['Authenticated', 'Manager', 'Owner', 'student'].
A user defined in "/f1/f11/acl_users" tries to access the protected "/f1/f1_index". This is not allowed by Zope security system: a user defined in a user folder can only access protected objects "governed" by this user folder.
In your case, all objects at or below "/f1/f11" is governed by your user folder ("/f1/f11/acl_users"). "/f1/f1_index" does not lie within this hierarchy and is therefore not governed.
I am painfully aware now that this is the case, at least starting from zope 2.7.8. I have not tested all versions of zope, but at least up to 2.7.3 zope had no problem with such a set up.