Hi, I am working on an external method with a form and a button on it. <input type="submit" name="manage_addTerminhinweis:method" /> The method called by the button is defined in my class like this. manage_addTerminhinweis=DTMLFile("dtml/manage_addTerminhinweis", globals()) The manage_addTerminhinweis file doesn't use any dtml expressions. If I press the button as admin (inituser) everything works fine, but if I login as a normal user (defined in an acl_user folder) who has the same rights as admin I'm getting an unauthorized error. Any ideas why this doesn't work. MfG Steffen -- Manche Maenner bemuehen sich ein ganzes Leben lang, das Wesen einer Frau zu verstehen. Andere befassen sich mit weniger schwierigen Dingen, z.B. der Relativitaetstheorie.
Steffen Hausmann writes:
I am working on an external method with a form and a button on it. <input type="submit" name="manage_addTerminhinweis:method" />
The method called by the button is defined in my class like this. manage_addTerminhinweis=DTMLFile("dtml/manage_addTerminhinweis", globals())
The manage_addTerminhinweis file doesn't use any dtml expressions.
If I press the button as admin (inituser) everything works fine, but if I login as a normal user (defined in an acl_user folder) who has the same rights as admin I'm getting an unauthorized error.
Any ideas why this doesn't work. Not really...
What security declaration are you providing for "manage_addTerminhinweis"? It is accessed below the folder containing the "acl_users"? Dieter
Yes this is a subtle one! Zope methods that begin with "manage_" by default require the user to be have the manager role. It's one of these old legacy things that probably will be changed at some stage. A On 30/11/02 12:17 pm, "Steffen Hausmann" <steffen@hausmann-family.de> wrote:
Hi,
I am working on an external method with a form and a button on it. <input type="submit" name="manage_addTerminhinweis:method" />
The method called by the button is defined in my class like this. manage_addTerminhinweis=DTMLFile("dtml/manage_addTerminhinweis", globals())
The manage_addTerminhinweis file doesn't use any dtml expressions.
If I press the button as admin (inituser) everything works fine, but if I login as a normal user (defined in an acl_user folder) who has the same rights as admin I'm getting an unauthorized error.
Any ideas why this doesn't work.
MfG Steffen
participants (3)
-
Andrew Veitch -
Dieter Maurer -
Steffen Hausmann