I have an interesting problem with a part of a site that needs to be limited to privileged editors. Let's call this role "Editor". The problem is, unless I give the "Access contents information" permission to the "Anonymous" role, SQL Method calls are not permitted, even if I give _all_ permissions to the "Editor" role.
It's that curious? <!--#var AUTHENTICATED_USER--> equals to my editor user (defined in folder somewhere above the restricted folder), and <!--#var "AUTHENTICATED_USER.getRoles()"--> gives me ['Editor']. Btw, I've disabled acquisiton of permissions on the restricted folder.
Unless I give "Access contents information" to "Anonymous", the following traceback is emitted when authentication fails:
For now, I'll enable "Access contents information" for the "Anonymous" role, but in the long run I feel this is a bad solution.
-- Alexander Staubo
I think that this is a bug in permission registration. I've added a fix that seems to do the trick in my test area - can you try the following and let me know if this takes care of your problem?: In the file lib/python/Shared/DC/ZRDB/DA.py, add the line: Globals.default__class_init__(DA) ...right after the definition of the DA class, and do a restart. This should make sure that the permissions are registered correctly. Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com