problem accessing object as anonymous
Hi there, I try to find out, why in an intranet accessing an object from a link sendt by email is not possible. situation: a user from a plone intranet sends a link to a dokument within the intranet to a colleague. if that colleague clicks on the link while *not logged* into the intranet she is presented with the *browser* login box repeatedly. entering the credential does not help. the error log shows that access to the document is forbidden for the document for the user Anonymous while debugging I found out, that the __roles__ property of a given document is a tuple of the form ('GroupMember', 'Guest', 'Manager', 'FolderManager', 'Owner') if I copy the same document to a vanilla plone site its __roles__ property is ['Anonymous', 'Manager', 'Reviewer', 'Manager', 'Anonymous'] I have the impression, that when 'Anonymous' is part of __roles__, access to the object is possible. without it, access fails. now my questions: is the assumption, that the failed acces is caused by the missing 'Anonymous' role in __roles__ correct? if yes: what controls the setting of __roles__ if not: what could be the reason of the fact, that users are not presented the cookieCrumbler-base plone login is not presented? thanks very much for your help robert
oh, I am using plone 2.5x here with Zope 2.9.8-final, python 2.4.6, linux2 robert robert rottermann schrieb:
Hi there, I try to find out, why in an intranet accessing an object from a link sendt by email is not possible. situation: a user from a plone intranet sends a link to a dokument within the intranet to a colleague. if that colleague clicks on the link while *not logged* into the intranet she is presented with the *browser* login box repeatedly. entering the credential does not help. the error log shows that access to the document is forbidden for the document for the user Anonymous
while debugging I found out, that the __roles__ property of a given document is a tuple of the form ('GroupMember', 'Guest', 'Manager', 'FolderManager', 'Owner')
if I copy the same document to a vanilla plone site its __roles__ property is ['Anonymous', 'Manager', 'Reviewer', 'Manager', 'Anonymous']
I have the impression, that when 'Anonymous' is part of __roles__, access to the object is possible. without it, access fails.
now my questions: is the assumption, that the failed acces is caused by the missing 'Anonymous' role in __roles__ correct?
if yes: what controls the setting of __roles__
if not: what could be the reason of the fact, that users are not presented the cookieCrumbler-base plone login is not presented?
thanks very much for your help robert
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
robert rottermann schrieb:
Hi there, I try to find out, why in an intranet accessing an object from a link sendt by email is not possible. situation: a user from a plone intranet sends a link to a dokument within the intranet to a colleague. if that colleague clicks on the link while *not logged* into the intranet she is presented with the *browser* login box repeatedly. entering the credential does not help. the error log shows that access to the document is forbidden for the document for the user Anonymous
while debugging I found out, that the __roles__ property of a given document is a tuple of the form ('GroupMember', 'Guest', 'Manager', 'FolderManager', 'Owner')
if I copy the same document to a vanilla plone site its __roles__ property is ['Anonymous', 'Manager', 'Reviewer', 'Manager', 'Anonymous']
I found out more: this dropping of 'Anonymous' and converting to a tuple only happens when I use our own workflow. if I use the standard plone workflow so I wonder, what can provoke this? robert
I have the impression, that when 'Anonymous' is part of __roles__, access to the object is possible. without it, access fails.
now my questions: is the assumption, that the failed acces is caused by the missing 'Anonymous' role in __roles__ correct?
if yes: what controls the setting of __roles__
if not: what could be the reason of the fact, that users are not presented the cookieCrumbler-base plone login is not presented?
thanks very much for your help robert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 robert rottermann wrote:
while debugging I found out, that the __roles__ property of a given document is a tuple of the form ('GroupMember', 'Guest', 'Manager', 'FolderManager', 'Owner')
if I copy the same document to a vanilla plone site its __roles__ property is ['Anonymous', 'Manager', 'Reviewer', 'Manager', 'Anonymous']
I found out more: this dropping of 'Anonymous' and converting to a tuple only happens when I use our own workflow. if I use the standard plone workflow so I wonder, what can provoke this?
The "tuple" form is how the classic Z2 security policy spells "don't acquire" under the hood (it goes all the way back to bobo, I think). My guess is that the state in your custom workflow has the 'acquire' flag unchecked: you need either to add permissions for Anonymous on that state, or else check the "acquire" checkbox. Tres. - -- =================================================================== Tres Seaver +1 540-429-0999 tseaver@palladion.com Palladion Software "Excellence by Design" http://palladion.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJ7z0i+gerLs4ltQ4RAgh/AKDO7d13bqX3dW5BvsoYSryGNDyGEwCgq8bp 1Y3ds5ROL1n5qyBZelIObDw= =oG9u -----END PGP SIGNATURE-----
participants (2)
-
robert rottermann -
Tres Seaver