Weird problem with permissions
Hello, I've just discovered a strange thing with my (test-)site. I don't know if it was from the beginning, or if I changed something. I'm using CookieCrumbler for authentication. I'm not logged in (Anonymous User). I've a page template with a form. The action attribute of the form refers to python-script-object. But if I submit the script I'm redirected to the login-page (the page set in cookie-crumber). Obviously a anon user doesn't have permissions to execute the script. All permissions are set to acquire, in the objects and in the upper folders. Is this normal? Which permissions do I have to set? The same behavior I've with a page template which just calls a SQL-method and displays (tal:repeat) the results. I've changed no security permissions. Everything works when I'm logged in with a user. What is wrong? Thanks, Florioan
Look at the security sessions of the root folder from which acquired permissions are derived. I suspect that anonymous users don't have the necessary permissions. On Sun, 5 Oct 2003, Florian Lindner wrote:
Hello, I've just discovered a strange thing with my (test-)site. I don't know if it was from the beginning, or if I changed something. I'm using CookieCrumbler for authentication. I'm not logged in (Anonymous User). I've a page template with a form. The action attribute of the form refers to python-script-object. But if I submit the script I'm redirected to the login-page (the page set in cookie-crumber). Obviously a anon user doesn't have permissions to execute the script. All permissions are set to acquire, in the objects and in the upper folders. Is this normal? Which permissions do I have to set? The same behavior I've with a page template which just calls a SQL-method and displays (tal:repeat) the results. I've changed no security permissions. Everything works when I'm logged in with a user. What is wrong? Thanks, Florioan
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
hi there, when installing zope using the debian apt system there is one point which should be made clearer and which seems to cause lots of problems. when the debian install script runs it prompts to create a user. it should be made clear that this is the emergency user and this user can only be used to create users. i.e. after logging in as this user the first thing someone should normally do is to create a user account with management rights. this new user can then create objects etc. in the zope documentation it repeatedly mentions the creation of an admin user during the installation routine - debian does NOT create this user but instead creates the emergency user. HTMS, kev bailey
On Sun, 5 Oct 2003, Kevin Bailey wrote:
when the debian install script runs it prompts to create a user. it should be made clear that this is the emergency user and this user can only be used to create users. i.e. after logging in as this user the first thing someone should normally do is to create a user account with management rights. this new user can then create objects etc. This is a Debian related issue which should be reported using the
reportbug tool. Just "apt-get install reportbug" and call this script.
in the zope documentation it repeatedly mentions the creation of an admin user during the installation routine - debian does NOT create this user but instead creates the emergency user. BTW, the packaging of Zope 2.6.x has changed drastically and thus your problem has been fixed a long time ago.
Kind regards Andreas.
participants (4)
-
Andreas Tille -
Dennis Allison -
Florian Lindner -
Kevin Bailey