cookie crumbler and error messages
Hi all, I'm using CookieCrumbler on a project which sits in / on one server, and /project in another. I'd like to secure a part of the site through *.metadata files so that users of a certain role can't access it. this is done and works well. however, when they try to access a part of the site which is secured, they're: a- given a log in popup prompt which they don't have the details for. and b- when they click cancel, they're given the dreaded zope barf screen. how can i either just redirect them to loggin_form or change the standard_error_message template to pick up these errors. i've tried changing the template that is in my zmi root, but none of the changes affect the screen when it appears, so i have no idea where to go from here. many thanks for reading! paul
Paul Hendrick wrote:
Hi all, I'm using CookieCrumbler on a project which sits in / on one server, and /project in another.
...that could do with more explanation :-S
I'd like to secure a part of the site through *.metadata files so that users of a certain role can't access it.
This is _not_ the correct way to do this. Are you using Plone or something similarly silly? What are you trying to do? What lead you to believe .metadata files are the way to go?
however, when they try to access a part of the site which is secured, they're: a- given a log in popup prompt which they don't have the details for. and
You've likely managed to make the login form unaccessable to anonymous users... cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Paul Hendrick wrote at 2005-11-16 17:28 +0000:
I'm using CookieCrumbler on a project which sits in / on one server, and /project in another. I'd like to secure a part of the site through *.metadata files so that users of a certain role can't access it. this is done and works well. however, when they try to access a part of the site which is secured, they're: a- given a log in popup prompt which they don't have the details for.
What is "a log in popup prompt"? Do you mean the browser login dialog? Usually, you should get the cookie crumblers login form. If you get instead a browser login dialog, this means that something went wrong. Often, it means that the URL located object itself was not protected but it accesses a protected object. Reconfigure your "error_log" object (ZMI, "Root Folder") to not ignore "Unauthorized" exceptions. Reproduce the error and look what the "error_log" might tell you about it. -- Dieter
Hi, thanks for the reply. I did what you asked and the error log produced these messages: Unauthorized: <strong>You are not authorized to access this resource.</strong><p> Username and password are not correct. Unauthorized: You are not allowed to access 'sql_select' in this context the sql_select error is because my .metadata file is denying requests to it for users with a certain role. no idea where to go from here i'm afraid cheers, Paul On 11/18/05, Dieter Maurer <dieter@handshake.de> wrote:
Paul Hendrick wrote at 2005-11-16 17:28 +0000:
I'm using CookieCrumbler on a project which sits in / on one server, and /project in another. I'd like to secure a part of the site through *.metadata files so that users of a certain role can't access it. this is done and works well. however, when they try to access a part of the site which is secured, they're: a- given a log in popup prompt which they don't have the details for.
What is "a log in popup prompt"? Do you mean the browser login dialog?
Usually, you should get the cookie crumblers login form. If you get instead a browser login dialog, this means that something went wrong. Often, it means that the URL located object itself was not protected but it accesses a protected object.
Reconfigure your "error_log" object (ZMI, "Root Folder") to not ignore "Unauthorized" exceptions. Reproduce the error and look what the "error_log" might tell you about it.
-- Dieter
-- cheers, paul web : http://www.currentlyfabulous.com/blog
paul hendrick wrote at 2005-11-21 14:44 +0000:
Hi, thanks for the reply. I did what you asked and the error log produced these messages:
Unauthorized: <strong>You are not authorized to access this resource.</strong><p> Username and password are not correct. Unauthorized: You are not allowed to access 'sql_select' in this context
the sql_select error is because my .metadata file is denying requests to it for users with a certain role. no idea where to go from here i'm afraid
There is another vital rule: whenever you see errors (more precisely "exception"s), you should look (and report) the associated traceback. It tells you where the exception occured. What we know so far: the request tried to access "sql_select" and did not have the required permission. The traceback will tell you where this happens and this may help us to understand why it happens. -- Dieter
participants (3)
-
Chris Withers -
Dieter Maurer -
Paul Hendrick