problem with authorisation using webdav/HTMLDocument
Hi all, I am having a weird problem with authorisation using webdav and the HTMLDocument product. The problem: ------------ When I create a new document in say Netscape composer, publish it, I am asked for a username and password, ..... everything works fine. When I then browse to this page it is there, I can edit it, and republish it as above .......... all beautiful so far. The problem is that when I then edit this page but enter an invalid username/password on publish ........ it publishes anyway. The interesting things I noted: ------------------------------- If I enter an invalid username/password on creation of a new file I am given an 'authorisation failed' message. (as expected) If I enter an invalid username/password on editing a DTMLDocument I am given an 'authorisation failed' message. (also as expected). In the security tab of the root folder I can set roles that can 'Add HTML Documents', but there is no corresponding 'Change HTML Documents' available on the list. Questions: ---------- Has anyone else seen this problem? Can anyone tell me if it is likely to be a problem with HTML Document or with the way my Roles are defined? Should there be a 'Change HTML Documents' option on the Permissions list? Sorry if this is vague, is there any other info I can give? I am running Zope 2.3.2 on linux, with HTMLDocument 0.2 If anyone has ANY suggestions, please help :( TIA, Joe. Joe Gaffey Software Developer Gradient - a Sabre Company Ormonde House Tel: + 353 1 2400 500 12 Lower Leeson Street Fax: + 353 1 2400 501 Dublin 2 Email: joe.gaffey@gradient.ie Ireland Web: www.gradient.ie www.sabre.com
Joe Gaffey writes:
I am having a weird problem with authorisation using webdav and the HTMLDocument product. .... The problem is that when I then edit this page but enter an invalid username/password on publish ........ it publishes anyway. Changing content is often protected by a common permission:
Change documents, images and files You can use my DocFinder product to find out how methods are protected: URL:http://www.dieter.handshake.de/pyprojects/zope Dieter
Thanks for that Dieter. I realised that there was no mention of __ac_permissions__ in the HTMLDocument product that I was using which I thought was a bit strange. So I looked more carefully at the code/product that I had installed and realised that it was not from http://www.zope.org/Members/sf/HTMLDocument, but was rather from http://www.zope.org/Members/unfo/howto_wrapper. They seem to be quite different implementations of the same thing. The reason I chose the one I did was coz at the time I was VERY new to zope and there was *NO* installation instructions that I could find for the other. I would like to advise others that the second one above (...Members/unfo/....) gave me a lot of trouble with authorisation, whereas the first one (...Members/sf/....) seems to work a treat. However it claims to be fully Catalog aware, but I had to add a reindex_object() method call..... a small price to pay:) Thanks to all concerned, Joe. -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Dieter Maurer Sent: Thursday, August 16, 2001 8:04 PM To: Joe Gaffey Cc: zope@zope.org Subject: Re: [Zope] problem with authorisation using webdav/HTMLDocument Joe Gaffey writes:
I am having a weird problem with authorisation using webdav and the HTMLDocument product. .... The problem is that when I then edit this page but enter an invalid username/password on publish ........ it publishes anyway. Changing content is often protected by a common permission:
Change documents, images and files You can use my DocFinder product to find out how methods are protected: URL:http://www.dieter.handshake.de/pyprojects/zope Dieter _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
participants (2)
-
Dieter Maurer -
Joe Gaffey