John Hunter wrote at 2005-6-7 09:52 -0500:
... Traceback (innermost last): ... URL: http://srp.uchicago.edu/2005/Sections/B1/Amrita%20Arora/ProjectSubmission_ad... Physical Path:/srp/2005/Sections/B1/Amrita Arora/ProjectSubmission_addForm * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_With, line 76, in render
Unauthorized: You are not allowed to access 'mentor' in this context
The "VerboseSecurity" product may give you more detailed information. I usually analyse such problems in an interactive Python interpreter. Under *nix, you start it with "bin/zopectl debug" (for Windows, a "*.bat" file has been posted --> mailing list archive). You login in the interactive Python interpreter with UF = app.acl_users # or some other user folder u = UF.getUser('your_user') # what user you want) from AccessControl.SecurityManagement import newSecurityUser newSecurityUser(None, u.__of__UF) # "u" is now logged in You can check whether Zope thinks the current user can access attribute "a" with value "v" from container "c" with from AccessControl import getSecurityManager as gSM; sm = gSM() # the security manager sm.validate(c, c, a, v) It will return "1" for access allowed, or 0 or an "Unauthorized" exception (do not ask why) for access denied. For attributes without their own security declarations (such as properties), "validate" will consult "c.__roles__" (the roles allowed to access "c") and "c.__allow_access_to_unprotected_subobjects__". -- Dieter