brad, in trying to reproduce this i am noticing that this has nothing to do with the LDAPUserFolder. i am seeing the very same behavior using a bone-stock zope user folder in the subfolder. i filed a collector issue in the Zope issue collector:: http://collector.zope.org/Zope/47 jens On Friday, November 23, 2001, at 01:58 , Brad Clements wrote:
I've broken my site, and can't figure it out. This is Zope 2.4.3 binary on Linux
I have
/ (root) with acl_users
/Strader public without an acl_users (all permissions are "acquire from above")
/Strader/P not public, has an LDAPUserFolder for acl_users
local roles are defined in the root /acl_users
Security for /Strader/P has disabled acquisition of "access contents information" and "view", and enabled these permissions for the roles Manager, SFCustomer and SFManager
Logging in as a Manager defined in root /acl_users works for management, but when I attempt to view a ZPT in /Strader/P using the Test tab, I get "you are not authorized to access title"
My manager userid is also defined in the LDAP adapter as well, so I'm authenticated by the LDAPUserFolder in /Strader/P or /acl_users depending on what I'm accessing.
So "view" in /Strader works okay for me
-- But the real problem is --
Logging in as a user who is only defined in LDAP adapter, who has the roles SFCustomer and SFManager still gives the same error "not authorized to access title" on /Strader/P/Master (page template when viewing)
I'm totally stumped, it's as if LDAPUserFolder is not returning the correct list of roles. However, if I temporarily enable acquisition of view and "access contents" , I can get this output from viewing the ZPT
roles are ('SFCustomer', 'SFManager', 'Anonymous', 'Authenticated')
(the Master template has )
roles are <span tal:content="user/getRoles">roles</span>
Anyone have any ideas how to diagnose this so I can see where to fix it?
I've searched the archives, there are some grumblings about this in the past but no obvious silver bullet.
Brad Clements, bkc@murkworks.com (315)268-1000 http://www.murkworks.com (315)268-9812 Fax netmeeting: ils://ils.murkworks.com AOL-IM: BKClements