Didier - read_raw() is an internal api that should never have been exposed in the first place (as you've noticed, that hole has since been closed up). You probably want to use the 'document_src()' method, which does what you want and is protected by the 'View management screens' permission. Hope this helps! Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com

-----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Didier Georgieff Sent: Wednesday, December 20, 2000 10:25 AM To: zope@zope.org Subject: [Zope] read_raw() not allowed below root ?

Hello,

I have a new problem wich i suspect is related with the weird things i didn't solved yet. I still don't found if it's a misunderstanding about new 2.2 security (like setting a local role ONLY if you have this local role) or a real problem.

I have a view_code method (stolen from Yihaw) wich basically look at code, properties, folders and print it.

It was working like a charm under 2.1.6.

Now on 2.2.4 (with the 12-08, 12-15a and 12-18 hotfix) and TransparentFolder 0.3:

* I don't have access to read-raw() (Unauthorized traceback below) , even if i'm manager (and even on folders without local roles) and even with manager as proxy role for this method. * ownership is implicit * and i deleted the remaining "superuser" having a local role on this method.

Until i understand what is going on (a bug or a misunderstanding), i guess i'll (gently ;-) flood the list. I'm deeply sorry to post again, but i found no information on the archive (read_raw), the explanations on the new security model didn't ring a bell, so ....

Thanks for any help or tip.

Unauthorized You are not authorized to access read_raw. Traceback (innermost last): File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 222, in publish_module File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 187, in publish File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 171, in publish File /zope/2-2-2/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: view_code) File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: view_code) File /zope/2-2-2/lib/python/OFS/DTMLMethod.py, line 172, in __call__ (Object: view_code) File /zope/2-2-2/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__ (Object: view_code) File /zope/2-2-2/lib/python/DocumentTemplate/DT_In.py, line 691, in renderwob (Object: objectItems('DTML Method')) File /zope/2-2-2/lib/python/DocumentTemplate/DT_Var.py, line 278, in render (Object: read_raw()) File /zope/2-2-2/lib/python/DocumentTemplate/DT_Util.py, line 331, in eval (Object: read_raw()) (Info: read_raw) File /zope/2-2-2/lib/python/OFS/DTMLMethod.py, line 194, in validate (Object: view_code) File /zope/2-2- 2/lib/python/AccessControl/SecurityManager.py, line 139, in validate File /zope/2-2- 2/lib/python/AccessControl/ZopeSecurityPolicy.py, line 183, in validate Unauthorized: (see above)

-- Didier Georgieff DDAF du Bas-Rhin - Cellule SIG 2, rue des Mineurs 67070 Strasbourg Cedex tél : 03.88.25.20.33 - fax : 03.88.25.20.01 email : didier.georgieff@agriculture.gouv.fr SIT du Bas-Rhin : http://www.bas-rhin.sit.gouv.fr GéoWeb http://sertit10.u-strasbg.fr

_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )