Re: [Zope] Newbie question : ZopeTime & permissions
Aaron Straup Cope writes:
My problem is that I can't seem to figure out, specifically, which permissions to give a user that will allow them to read ZopeTime(). Strange...
"DateTime.DateTime" objects (and therefore "ZopeTime") are explicitely unprotected (and can be used by everyone). I tried your example as "Anonymous" (Zope 2.2.2) and it worked as expected (i.e. no NameError). Dieter
Yes, it was a misunderstanding regarding basic user permissions and the Anonymous role on my part. I did not want to allow the Anonymous role *any* permissions, and the site I am working in is contained in a folder beneath the root Zope folder. The problem was that I had disabled the "Access contents information" privilege for the Anonymous user (whose permissions I forgot are inherited by all other users) at the root level, thus preventing Joe User from being able to access internals(?) like ZopeTime even if [it] had permissions at a sub-directory level. If I've got it wrong, I would be grateful if someone would correct me. Otherwise, I hope that helps other newbies who find themselves in a similar situation. On Sun, 8 Oct 2000, Dieter Maurer wrote:
Aaron Straup Cope writes:
My problem is that I can't seem to figure out, specifically, which permissions to give a user that will allow them to read ZopeTime(). Strange...
"DateTime.DateTime" objects (and therefore "ZopeTime") are explicitely unprotected (and can be used by everyone).
I tried your example as "Anonymous" (Zope 2.2.2) and it worked as expected (i.e. no NameError).
Dieter
Aaron Straup Cope writes:
I did not want to allow the Anonymous role *any* permissions, and the site I am working in is contained in a folder beneath the root Zope folder.
The problem was that I had disabled the "Access contents information" privilege for the Anonymous user (whose permissions I forgot are inherited by all other users) at the root level, thus preventing Joe User from being able to access internals(?) like ZopeTime even if [it] had permissions at a sub-directory level. Sorry, I was wrong, at least partially!
The fact, that "ZopeTime" returns an unprotected DateTime object, does of cause not mean that "ZopeTime" itself is unprotected. After your message, I reexamined your problem: * "ZopeTime" is defined in "OFS.Application.Application", i.e. the top level application object. * "ZopeTime" apparently is not protected by an explicit permission (neither mentioned in an "__ac_permissions__" nor is there a "ZopeTime__roles__" attribute nor is there a new SecurityManager assertion about "ZopeTime". As I understand Zope 2.2 security, this should mean "ZopeTime" is inaccessible from DTML. * However, magically, "ZopeTime" is protected by "Access Contents Information". I can not tell you why. Both is astonishable: * that it is accessible by DTML at all * why "Access Contents Information" is required. Apparently, the Zope security still has some hidden magic. Dieter
participants (2)
-
Aaron Straup Cope -
Dieter Maurer