Dangerous permissions granted to Anonymous to allow ZClass instantiation?
The following looks like a Zope bug (Zope 2.5.1): It seems that permissions such as Create class instances must be given to Anonymous so that Authenticated can create class instances. It seems impossible to only allow Authenticated to create class instances. Details: Error Type: Unauthorized Error Value: You are not allowed to access ORL_Art in this context The error above appears for the following Python Script line: context.manage_addProduct['ORL'].ORL_Art.createInObjectManager(id,Dct) The error appears if Authenticated role has the following permissions and Anonymous does not have them: Add Documents, Images, and Files Add ORL_Arts Create class instances Manage properties The error disappears if Anonymous is given the above roles. If this is not Zope bug, what might be causing it? The manage_addProduct did not have this problem in Zope 2.4.4. -- Milos Prudek
It won't help you much, but I have had the same problems. I recreated the ZClass and the problem went away. Douwe
-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Milos Prudek Sent: Wednesday, July 03, 2002 6:05 PM To: zope Subject: [Zope] Dangerous permissions granted to Anonymous to allow ZClass instantiation?
The following looks like a Zope bug (Zope 2.5.1):
It seems that permissions such as Create class instances must be given to Anonymous so that Authenticated can create class instances. It seems impossible to only allow Authenticated to create class instances.
Details:
Error Type: Unauthorized Error Value: You are not allowed to access ORL_Art in this context
The error above appears for the following Python Script line: context.manage_addProduct['ORL'].ORL_Art.createInObjectManager(id,Dct)
The error appears if Authenticated role has the following permissions and Anonymous does not have them:
Add Documents, Images, and Files Add ORL_Arts Create class instances Manage properties
The error disappears if Anonymous is given the above roles.
If this is not Zope bug, what might be causing it? The manage_addProduct did not have this problem in Zope 2.4.4.
-- Milos Prudek
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Indeed! Your advice certainly helped me. Now that I recreated the ZClass everything is OK. Thank you! Conclusion: Using Export/Import to copy ZClasses from Zope 2.4.x to Zope 2.5.x sometimes results in very odd behavior. ZClass must sometimes be created from scratch. Furthermore: - when importing ZCatalog from Zope 2.4.x to Zope 2.5.x, Update Catalog should be performed. - when importing Python Scripts from Zope 2.4.x to Zope 2.5.x, recompilation should be performed (http://www.yourserver.com/manage_addProduct/PythonScripts/recompile) Is this going to be addressed in Zope 2.6, or Zope 3?
It won't help you much, but I have had the same problems. I recreated the ZClass and the problem went away.
It seems that permissions such as Create class instances must be given to Anonymous so that Authenticated can create class instances. It seems impossible to only allow Authenticated to create class instances.
-- Milos Prudek
participants (2)
-
douwe@oberon.nl -
Milos Prudek