Hi all,

I have a DTML method a_method with access allowed to users having some_role. I have a folder a_folder where user1 has local role some_role. If, logged in as user1, I access .../a_folder/a_method, I get an unauthorized error message.

It seems to me like local roles are not acquired. Is this right, or am I doing something wrong?

I'm running Zope 2.5.1 on a Debian woody system.

TIA

Regards
--
The sins of the three worlds will disappear with me.
Alexis Roda - Universitat Rovira i Virgili - Reus, Tarragona (Spain)

Check the permissions on everything a_method calls. That's probably your problem.

To do a quick test if this is true, give a_method a Manager Proxy Role. If that solves your problem, you know that you hadn't set permissions correctly for some called object. If that doesn't solve your problem, you haven't set the permissions for a_method correctly.

HTH

Dylan

At 12:14 PM 10/21/2002 +0200, Alexis Roda wrote:
Hi all, I have a DTML method a_method with access allowed to users having some_role. I have a folder a_folder where user1 has local role some_role. If, logged in as user1, I access .../a_folder/a_method, I get an unauthorized error message.
It seems to me like local roles are not acquired. Is this right, or am I doing something wrong?
I'm running Zope 2.5.1 on a Debian woody system.
Dylan Reinhardt wrote:
Check the permissions on everything a_method calls. That's probably your problem.
To do a quick test if this is true, give a_method a Manager Proxy Role. If that solves your problem, you know that you hadn't set permissions correctly for some called object. If that doesn't solve your problem, you haven't set the permissions for a_method correctly.
I forgot to mention a detail: a_method is not in the a_folder folder. It is acquired the same way the hippo gets vaccinated in the Zope zoo.

I have tested with the following simplified structure:

+- zope root (default permissions)
   +- acl_users (here is where user1 is defined, no roles)
   +- local_role_test (default permissions)
      +- bin (*)
         +- a_method (**)
         +- a_folder (here user1 has some_role)

(*) manager, owner and some_role have permissions "access contents information" and "view". Those permissions are not acquired from parent. The rest of permissions have default values.

(**) a_method is plain HTML: <html><body><p>Hello</p></body></html>

As user1 I get an unauthorized message when I access /local_role_text/bin/a_folder/a_method

Giving user1 some_role in a_method instead of a_folder is not a good solution. On the real problem I'll have user1, user2 ... and folders a_folder1, a_folder2 ... userN should be able to access a_folderN only.

TIA

Regards
--
Alexis Roda - Universitat Rovira i Virgili - Reus, Tarragona (Spain)

Alexis Roda wrote:
(*) manager, owner and some_role have permissions "access contents information" and "view". Those permissions are not acquired from parent. The rest of permissions have default values.
Here I have made two different tests:

1.- defining security settings on bin folder. This may not work since bin is accessed before a_folder (where user1 gets some_role)

2.- defining security settings on a_method and giving authenticated users access to bin folder. This way user1 can access bin since it is authenticated, it gets some_role on a_folder and ... it can't access a_method ~~:-?

TIA

Regards
--
Alexis Roda - Universitat Rovira i Virgili - Reus, Tarragona (Spain)

At 10:20 AM 10/22/2002 +0200, you wrote:
I forgot to mention a detail, a_method is not in a_folder folder. It is acquired the same way the hippo gets vaccinated in the zope zoo.
Permissions aren't acquired that way. If they were, someone could just type the URL:

server/public_folder/private_method

and circumvent your security settings at will.

You can do one of three things:

1. Change the permissions to a_method manually.
2. Change the permissions for bin/
3. Move the files around so that methods with similar levels of access are grouped together.

1 or 2 will fix the occasional exception. Approach 3 will yield the best results long-term.

HTH,

Dylan
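
The outcome discussed in this thread, as an added Python model that is not part of the original messages and is not Zope's own code: it assumes local roles are collected along the chain of containers where an object is stored, and compares that with a hypothetical lookup that follows the URL path instead. The classes, functions and the a_doc object are hypothetical names; the folder layout is taken from the test structure posted above.

```python
# Simplified model for illustration; names are hypothetical, not Zope APIs.
class Node:
    def __init__(self, name, container=None, local_roles=None, view_roles=None):
        self.name = name
        self.container = container            # where the object is stored
        self.local_roles = local_roles or {}  # user id -> roles granted here
        self.view_roles = view_roles or set() # roles allowed to view this object
        self.children = {}
        if container is not None:
            container.children[name] = self

def traverse(root, path):
    """Resolve a URL path; a name missing from the current object is
    acquired from its containers. Returns (object, objects named in URL)."""
    current, url_chain = root, [root]
    for name in path.strip("/").split("/"):
        holder = current
        while holder is not None and name not in holder.children:
            holder = holder.container
        if holder is None:
            raise KeyError(name)
        current = holder.children[name]
        url_chain.append(current)
    return current, url_chain

def containment_chain(obj):
    """The object and every container it is physically stored in."""
    chain = []
    while obj is not None:
        chain.append(obj)
        obj = obj.container
    return chain

def allowed(user, path, root, use_url_context=False):
    """Containment lookup by default; use_url_context=True models the
    hypothetical 'local roles follow the URL' behaviour."""
    obj, url_chain = traverse(root, path)
    nodes = url_chain if use_url_context else containment_chain(obj)
    roles = set()
    for node in nodes:
        roles |= node.local_roles.get(user, set())
    return bool(roles & obj.view_roles)

# Constructed sample mirroring the test structure posted in the thread.
root = Node("zope root")
test = Node("local_role_test", root)
bin_ = Node("bin", test)
a_method = Node("a_method", bin_, view_roles={"Manager", "Owner", "some_role"})
a_folder = Node("a_folder", bin_, local_roles={"user1": {"some_role"}})
a_doc = Node("a_doc", a_folder, view_roles={"some_role"})  # hypothetical object
URL = "/local_role_test/bin/a_folder/a_method"
```

In this model user1 is refused a_method through a_folder but can view an object stored inside a_folder, which is the grouping that approach 3 relies on; the URL-context variant grants access to a_method, the behaviour the last reply warns would let a crafted URL bypass the settings.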