Joerg Baach wrote at 2008-2-25 19:45 +0000:
... I am trying to have a folderish object that acquires from a user object (ldapuserfolder). It should have its own properties and contents, but fall back to the ones of the ldap user.
I have created an object, extending Folder, and it behaves nicely in zopectl debug. When I try to access it through e.g. a python script I get an:
Error Type: Unauthorized Error Value: Unable to find __roles__ in the container and the container is not wrapped. Access to 'dn' of test, acquired through (LDAPProxy at /testfolder/ldapproxy), denied.
When you access attribute "x" (with value "xv") on object "o", Zope will first check whether "xv" has security declarations (more precisely, a "__roles__" attribute). If it has, they are used. Otherwise, Zope checks for "o.x__roles__". If found, they are used. Otherwise, "o.__roles__" may be examined (under some circumstances). Note that for most security declarations, "o" needs to be fully acquisition wrapped. Otherwise, there may be two problems: * Zope cannot find the information to map permissions to roles (as this mapping is defined on the acquisition path leading to the root) * "o" does is not "covered" by the user folder which has identified the current user. A user has only special roles on objects "covered" by its user folder. A object is "covered" by a user folder, when the object lies in the subtree rooted in the user folder's container. -- Dieter