hasRole bug or feature in 2.2.?
I'm having a problem with AUTHENTICATED_USER.hasRole()

I have a user with the role 'Member' defined at the root level (and nowhere else). I also have the following DTML method at the root level:

<dtml-if "REQUEST['AUTHENTICATED_USER'].hasRole(PARENTS[-1], ['Member'])">
  You are a Member.
<dtml-else>
  You are NOT a Member.
</dtml-if>

When I first request the protected document /Bogus/membersonly, I'm prompted to log in. When I do, I get access to the /Bogus/membersonly document. Then when I request /Bogus/isMember, it says I am a Member. However, when I request /isMember, it says I am NOT a Member. Anywhere I request isMember, other than in the /Bogus folder, I am NOT a Member, even though the user is defined at the root level with the Member role.

If I then request a protected document /membersonly, it shows me the document without prompt. After I do that, when I request /isMember or /AnyFolder/isMember, it now tells me I am a Member.

Why does it not recognize that I'm a user with the Member role anywhere on the site until I access a protected document at the root level? Is this by design or a bug? If by design, what's the reasoning?

Thanks!
_______________________
Ron Bickers
Logic Etc, Inc.
rbickers@logicetc.com
You're gonna laugh. Get ready.

You didn't protect the isMember document. It's viewable by Anonymous. The Zope security machinery short-circuits authentication for resources that don't require it. This means that when you view a resource that's unprotected, you view it "as Anonymous". Anonymous doesn't have the Member role, so you see "You are NOT a Member" when you view /isMember.

I don't particularly like this behavior, but it seems not to bother anyone else. I think it should authorize you and set AUTHENTICATED_USER if you pass in auth info regardless of the protection on the resource you're trying to view.

----- Original Message -----
From: "Ron Bickers" <rbickers@logicetc.com>
To: <zope@zope.org>
Sent: Thursday, January 11, 2001 5:01 PM
Subject: [Zope] hasRole bug or feature in 2.2.?
I'm having a problem with AUTHENTICATED_USER.hasRole()
I have a user with the role 'Member' defined at the root level (and nowhere else). I also have the following DTML method at the root level:
<dtml-if "REQUEST['AUTHENTICATED_USER'].hasRole(PARENTS[-1], ['Member'])">
  You are a Member.
<dtml-else>
  You are NOT a Member.
</dtml-if>
When I first request the protected document /Bogus/membersonly, I'm prompted to log in. When I do, I get access to the /Bogus/membersonly document. Then when I request /Bogus/isMember, it says I am a Member. However, when I request /isMember, it says I am NOT a Member. Anywhere I request isMember, other than in the /Bogus folder, I am NOT a Member, even though the user is defined at the root level with the Member role.
If I then request a protected document /membersonly, it shows me the document without prompt. After I do that, when I request /isMember or /AnyFolder/isMember, it now tells me I am a Member.
Why does it not recognize that I'm a user with the Member role anywhere on the site until I access a protected document at the root level? Is this by design or a bug? If by design, what's the reasoning?
Thanks! _______________________
Ron Bickers Logic Etc, Inc. rbickers@logicetc.com
-----Original Message-----
From: Chris McDonough [mailto:chrism@digicool.com]
Sent: Thursday, January 11, 2001 6:25 PM
To: Ron Bickers; zope@zope.org
Subject: Re: [Zope] hasRole bug or feature in 2.2.?
You're gonna laugh. Get ready.
You didn't protect the isMember document. It's viewable by Anonymous. The Zope security machinery short-circuits authentication for resources that don't require it. This means that when you view a resource that's unprotected, you view it "as Anonymous". Anonymous doesn't have the Member role, so you see "You are NOT a Member" when you view /isMember.
I'm not sure this makes sense. If I protect isMember, then anonymous won't be able to determine if they're a member without being prompted to log in. Isn't that true? That's not what I want.

Also, why does it behave differently after I view a protected document in the root? isMember is still not protected, but it then correctly returns that I have the Member role anywhere in the site.

_______________________
Ron Bickers
Logic Etc, Inc.
rbickers@logicetc.com
I have a problem with ZMySQLDA and aggregate functions in combination with grouping on Windows. When I say:

SELECT COUNT(*) FROM mytable GROUP BY myfield;

I get a KeyError 'Unhandeld'.

SELECT COUNT(*) FROM mytable;

works fine, and so does

SELECT myfield FROM mytable GROUP BY myfield;

but not the combination of both. Also, on a Linux machine the error doesn't occur. Of course I tested the queries from the mysql command line. Any help?

Markus Kemmerling
participants (3): Chris McDonough, Markus Kemmerling, Ron Bickers