Hi, hello, this is my first post this list. Im am using: (Zope 2.5.0 (source release, python 2.1, linux2) [SuSE Linux], python 2.2.0, linux2) and have the following question: Given that folder hierarchy: root +my_domain +scripts +generate_link (Python script) +projects +fooproject +index_html (DTML document) where everything but my_domain/p rojects/fooproject/index_html is owned by admin, only my_domain/projects/fooproject/index_html is owned by some standard user (Authenticated role). in index_html I want to call the script generate_link like that: <dtml-var expr="scripts.generate_link('bla.pdf')">The bla document.</a> I'm not using any proxy roles, and get the following traceback: Zope Error Zope has encountered an error while publishing this resource. Error Type: Unauthorized Error Value: You are not allowed to access devserv_link in this context Traceback Traceback (innermost last): File /opt/zope/lib/python/ZPublisher/Publish.py, line 98, in publish File /opt/zope/lib/python/ZPublisher/mapply.py, line 88, in mapply (Object: index_html) File /opt/zope/lib/python/ZPublisher/Publish.py, line 39, in call_object (Object: index_html) File /opt/zope/lib/python/OFS/DTMLDocument.py, line 127, in __call__ (Object: index_html) File /opt/zope/lib/python/DocumentTemplate/DT_String.py, line 473, in __call__ (Object: index_html) File /opt/zope/lib/python/DocumentTemplate/DT_Util.py, line 159, in eval (Object: scripts.generate_link('bla.pdf')) (Info: scripts) File , line 1, in (Object: guarded_getattr) File /opt/zope/lib/python/OFS/DTMLMethod.py, line 151, in validate (Object: index_html) Unauthorized: You are not allowed to access generate_link in this context Every folder has at least View and Access contents information set. What else can be required? (The script call even fails if it only consists of return "foo") TIA Timo. -------------------- Loewe Opta GmbH ------------------------ Timo Weggen Phone: +49 511 563 549 0 LOEWE Opta GmbH Fax: +49 511 563 549 65 Hildesheimer Str. 140 e-mail: tweggen@loewe-komp.de 30173 Hannover Web: http://www.loewe.de ---------------- Kompetenzzentrum Hannover ------------------
Timo Weggen wrote at 2003-1-9 11:19 +0100:
hello, this is my first post this list. Im am using: (Zope 2.5.0 (source release, python 2.1, linux2) [SuSE Linux], python 2.2.0, linux2) and have the following question:
Given that folder hierarchy: root +my_domain +scripts +generate_link (Python script) +projects +fooproject +index_html (DTML document) where everything but my_domain/p rojects/fooproject/index_html is owned by admin, only my_domain/projects/fooproject/index_html is owned by some standard user (Authenticated role). Ownership is essential only in the second place. The permissions and roles are more essential.
... Error Type: Unauthorized Error Value: You are not allowed to access devserv_link in this context ... Traceback ... File /opt/zope/lib/python/OFS/DTMLMethod.py, line 151, in validate (Object: index_html) Unauthorized: You are not allowed to access generate_link in this context This error message looks a bit confusing. Above, "devserv_link" access is unauthorized, below its "generate_link". Are you sure, that you got really this message? (Tracebacks usually have embedded newslines, unlike in your quotation)
Every folder has at least View and Access contents information set. ... granting access for the user for whom the access was denied?
Where (in what "acl_users") is the user defined. It can access non public objects only in the subhierarchy governed by this "acl_users".
What else can be required? (The script call even fails if it only consists of return "foo") You can try Shane's product "VerboseSecurity". It facilitates analysis of authorzation problems.
Dieter
participants (2)
-
Dieter Maurer -
Timo Weggen