Re: [Zope] I don't understand why fail
----- Original Message ----- From: "Garito" <garito@gmail.com> To: "Jonathan" <dev101@magma.ca> Sent: Thursday, March 08, 2007 11:05 AM Subject: Re: [Zope] I don't understand why fail
Hi Jonathan! CrearFuncionalidad and BorrarFuncionalidad has the same security permissions (acquired from parent) I don't change anything at this point
The question I can't understand is when BorrarFuncionalidad ask for a login and password I put my user that is manager and owner but the login don't work (it ask again and again)
Both scripts has the same parent and the same security permissions
It seems like if zope (or someone else) lost the logged user but I don't understand when or who
Please stay on the list. Have a look at the full traceback in the error_log (ZMI root folder - you may have to remove the 'Unauthorized' entry from the 'Ignored exception types' field), it may provide some more information. Jonathan
Sorry (I use Gmail and the default reply is pushed) When I try to execute BorrarFuncionalidad this error is raised: Traceback (innermost last): Module ZPublisher.Publish, line 106, in publish Module ZPublisher.BaseRequest, line 323, in traverse Module Products.Yanged.Yanged, line 61, in __bobo_traverse__ Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Products.Yanged.Yanged, line 118, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Shared.DC.Scripts.Bindings, line 311, in __call__ Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec Module Products.PythonScripts.PythonScript, line 325, in _exec Module None, line 2, in Borrar - <PythonScript at /sistes.net/clientes/escobarsl.com/Comandos/BorrarFuncionalidad used for /sistes.net/clientes/escobarsl.com/Pagina/Borrar/BorrarCaso> - Line 2 Unauthorized: You are not allowed to access 'manage_delObjects' in this context And nothing is deleted. But the next I try is CrearFuncionalidad and the object is created but this error appears on the error log: Traceback (innermost last): Module ZPublisher.Publish, line 115, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 41, in call_object Module Products.Yanged.Yanged, line 101, in index_html Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Products.Yanged.Yanged, line 118, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Shared.DC.Scripts.Bindings, line 311, in __call__ Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec Module Products.PythonScripts.PythonScript, line 325, in _exec Module None, line 4, in CrearFuncionalidad - <PythonScript at /sistes.net/clientes/escobarsl.com/Comandos/CrearFuncionalidad used for /sistes.net/clientes/escobarsl.com/Pagina/Editar/SiNoHayErrores/SiNoHayCaso/CrearCaso> - Line 4 Unauthorized: You are not allowed to access 'CrearYanged' in this context But THE OBJECT IS CREATED! Weird isn't it? 2007/3/8, Jonathan <dev101@magma.ca>:
----- Original Message ----- From: "Garito" <garito@gmail.com> To: "Jonathan" <dev101@magma.ca> Sent: Thursday, March 08, 2007 11:05 AM Subject: Re: [Zope] I don't understand why fail
Hi Jonathan! CrearFuncionalidad and BorrarFuncionalidad has the same security permissions (acquired from parent) I don't change anything at this point
The question I can't understand is when BorrarFuncionalidad ask for a login and password I put my user that is manager and owner but the login don't work (it ask again and again)
Both scripts has the same parent and the same security permissions
It seems like if zope (or someone else) lost the logged user but I don't understand when or who
Please stay on the list.
Have a look at the full traceback in the error_log (ZMI root folder - you may have to remove the 'Unauthorized' entry from the 'Ignored exception types' field), it may provide some more information.
Jonathan
-- Mis Cosas: http://blogs.sistes.net/Garito
----- Original Message ----- From: "Garito" <garito@gmail.com> To: <zope@zope.org> Sent: Thursday, March 08, 2007 11:24 AM Subject: Re: [Zope] I don't understand why fail
Sorry (I use Gmail and the default reply is pushed)
When I try to execute BorrarFuncionalidad this error is raised:
Traceback (innermost last): Module ZPublisher.Publish, line 106, in publish Module ZPublisher.BaseRequest, line 323, in traverse Module Products.Yanged.Yanged, line 61, in __bobo_traverse__ Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Products.Yanged.Yanged, line 118, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Shared.DC.Scripts.Bindings, line 311, in __call__ Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec Module Products.PythonScripts.PythonScript, line 325, in _exec Module None, line 2, in Borrar - <PythonScript at /sistes.net/clientes/escobarsl.com/Comandos/BorrarFuncionalidad used for /sistes.net/clientes/escobarsl.com/Pagina/Borrar/BorrarCaso> - Line 2 Unauthorized: You are not allowed to access 'manage_delObjects' in this context
And nothing is deleted. But the next I try is CrearFuncionalidad and the object is created but this error appears on the error log:
Traceback (innermost last): Module ZPublisher.Publish, line 115, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 41, in call_object Module Products.Yanged.Yanged, line 101, in index_html Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Products.Yanged.Yanged, line 118, in __call__ Module Products.Yanged.Yanged, line 164, in Ejecutar Module Shared.DC.Scripts.Bindings, line 311, in __call__ Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec Module Products.PythonScripts.PythonScript, line 325, in _exec Module None, line 4, in CrearFuncionalidad - <PythonScript at /sistes.net/clientes/escobarsl.com/Comandos/CrearFuncionalidad used for /sistes.net/clientes/escobarsl.com/Pagina/Editar/SiNoHayErrores/SiNoHayCaso/CrearCaso> - Line 4 Unauthorized: You are not allowed to access 'CrearYanged' in this context
But THE OBJECT IS CREATED!
So the question isn't "why does the manage_delObjects fail" (this script should fail for an Anonymous user), but the real question is why is an object created when you are getting an Unauthorized error in 'CrearFuncionalidad'. If you really are getting an object created in the same transaction that raises the 'Unauthorized' error, then the only thing I can think of is that the 'Yanged' product is trapping the error, adding/committing the object anyway, and then re-raising the Unauthorized error afterwards... but this would be a very very unusual thing to do. Jonathan
Have a look at the full traceback in the error_log (ZMI root folder - you may have to remove the 'Unauthorized' entry from the 'Ignored exception types' field), it may provide some more information. Another thing you can do is to activate the "verbose-security" directive in your zope.conf file. Don't forget, to set the "security-policy-implementation" to "python" and restart zope. You may get more verbose output when getting an Unauthorized exception.
Regards Josef
As Josef tell me I try verbose security and this is the traceback: Traceback (innermost last): Module ZPublisher.Publish, line 106, in publish Module ZPublisher.BaseRequest, line 323, in traverse Module Products.Yanged.Yanged, line 61, in __bobo_traverse__ Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 165, in Ejecutar Module Products.Yanged.Yanged, line 118, in __call__ Module Products.Yanged.Yanged, line 165, in Ejecutar Module Shared.DC.Scripts.Bindings, line 311, in __call__ Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec Module Products.PythonScripts.PythonScript, line 325, in _exec Module None, line 2, in Borrar - <PythonScript at /sistes.net/clientes/escobarsl.com/Comandos/BorrarFuncionalidad used for /sistes.net/clientes/escobarsl.com/Pagina/Borrar/BorrarCaso> - Line 2 Module AccessControl.ImplPython, line 729, in guarded_getattr Module AccessControl.ImplPython, line 671, in aq_validate Module AccessControl.ImplPython, line 565, in validate Module AccessControl.ImplPython, line 463, in validate Module AccessControl.ImplPython, line 810, in raiseVerbose Unauthorized: Your user account does not have the required permission. Access to 'manage_delObjects' of (Yanged at /sistes.net/clientes/escobarsl.com/Pagina/Funcionalidades) denied. Your user account, Anonymous User, exists at (unknown). Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous']. I can't understand why when zope prompts me for a login and password and I put my user (with manager and owner roles) still fail. This is what seems weird for me Isn't it? Thanks! 2007/3/8, Josef Meile <jmeile@hotmail.com>:
Have a look at the full traceback in the error_log (ZMI root folder - you may have to remove the 'Unauthorized' entry from the 'Ignored exception types' field), it may provide some more information. Another thing you can do is to activate the "verbose-security" directive in your zope.conf file. Don't forget, to set the "security-policy-implementation" to "python" and restart zope. You may get more verbose output when getting an Unauthorized exception.
Regards Josef _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- Mis Cosas: http://blogs.sistes.net/Garito
Hi again! I search for the user who is launching the execution of my code and I have a question: I'm using prototype to launch some actions via AJAX Could be this the problem? How can I conservate the user who launch the actions between AJAX calls? Thanks! 2007/3/8, Garito <garito@gmail.com>:
As Josef tell me I try verbose security and this is the traceback:
Traceback (innermost last): Module ZPublisher.Publish, line 106, in publish Module ZPublisher.BaseRequest, line 323, in traverse Module Products.Yanged.Yanged, line 61, in __bobo_traverse__ Module Products.Yanged.Yanged, line 134, in __call__ Module Products.Yanged.Yanged, line 165, in Ejecutar Module Products.Yanged.Yanged, line 118, in __call__
Module Products.Yanged.Yanged, line 165, in Ejecutar Module Shared.DC.Scripts.Bindings, line 311, in __call__ Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec Module Products.PythonScripts.PythonScript , line 325, in _exec Module None, line 2, in Borrar - <PythonScript at /sistes.net/clientes/escobarsl.com/Comandos/BorrarFuncionalidad used for /sistes.net/clientes/escobarsl.com/Pagina/Borrar/BorrarCaso>
- Line 2 Module AccessControl.ImplPython, line 729, in guarded_getattr Module AccessControl.ImplPython, line 671, in aq_validate Module AccessControl.ImplPython, line 565, in validate Module AccessControl.ImplPython , line 463, in validate Module AccessControl.ImplPython, line 810, in raiseVerbose Unauthorized: Your user account does not have the required permission. Access to 'manage_delObjects' of (Yanged at /sistes.net/clientes/escobarsl.com/Pagina/Funcionalidades) denied. Your user account, Anonymous User, exists at (unknown). Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous'].
I can't understand why when zope prompts me for a login and password and I put my user (with manager and owner roles) still fail. This is what seems weird for me
Isn't it?
Thanks!
2007/3/8, Josef Meile <jmeile@hotmail.com>:
Have a look at the full traceback in the error_log (ZMI root folder - you may have to remove the 'Unauthorized' entry from the 'Ignored exception types' field), it may provide some more information. Another thing you can do is to activate the "verbose-security" directive in your zope.conf file. Don't forget, to set the "security-policy-implementation" to "python" and restart zope. You may get more verbose output when getting an Unauthorized exception.
Regards Josef _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- Mis Cosas: http://blogs.sistes.net/Garito
-- Mis Cosas: http://blogs.sistes.net/Garito
participants (3)
-
Garito -
Jonathan -
Josef Meile