Re: [Zope] How to debug access denials?
Stephane Bortzmeyer writes:
Indeed. What am I supposed to do with that? Why is the 'title' property of the object unauthorized? (The object itself is viewable by Anonymous.) I would expect "AccessContentsInformation" is relevant to access properties.
.... I had to drop most of my DTML methods for the experimental sites I use to "sell" Zope to other people, they're too hard to use. DTML methods brings me back to sendmail.cf editing: great in theory but only a few people (after an agreement with the devil?) can do what they want with it. I read from that, that you do not use DTML objects. For *them*, access to attributes is granted for the "View" permission. Apparently, this is not true for all objects.
Dieter
On Thu, 14 Dec 2000, Dieter Maurer wrote:
I would expect "AccessContentsInformation" is relevant to access properties.
....
I read from that, that you do not use DTML objects. For *them*, access to attributes is granted for the "View" permission. Apparently, this is not true for all objects.
Where can we get a mapping avout which permission is needed to do something and what allows each permission depending on the object type ? Is it in a doc somewhere ? Of course this is impossible to do for every existing Zope product (near 250), but at least for the default installed ones this would be wonderful. IMHO the permissions is the most confusing part of Zope, and I'm not aware of any clear and complete document on this subject. For example Chapter 6 of Michel and Amos Zope Book ("Users and Security") doesn't cover this (or maybe I've not read it carefully). feel free to send me any pointer to the doc. bye, Jerome Alet
participants (2)
-
Dieter Maurer -
Jerome Alet