Dieter, Thanks for your answer. You are right: it seems there is a problem in traversing back to the root (looking at the trace). However, my classes are already inheriting from Acquisition.Implicit. So, this is not sufficient to solve the problem. Philippe
-----Original Message----- From: Dieter Maurer [mailto:dieter@handshake.de] Sent: dimanche 28 octobre 2001 19:04 To: Bocquillon Philippe Cc: 'zope@zope.org' Subject: Re: [Zope] FW: Security question - precision
Bocquillon Philippe writes:
Zope refuses "add object" permission to any user having a role other than Manager, i.e. Zope refuses to add objects in containers whose classes are my proper classes (inheriting ObjectManager), even if I give all permissions to these other roles, at root level and acquiring them. When a role adds these objects in _standard_ Zope Folders, no problem, Zope permits it. Looks as if your classes do not inherit from "Acquisition.Implicit" (probably "Acquisition.Explicit" will work, too).
In such a case, the Zope security machinery is no longer able to traverse back to the root. Consequently, it rejects the request (more precisely, it uses its default role assignment, "Manager").
Dieter