RE: [Zope] Sudden authentication problem
Problem solved, but with more questions for Dieter, or whoever is willing to answer them; see below.
But the "Unauthorized" exception is already raised when the catalogued object is looked up.

Forgive my inexperience, but how do you know this?
REQUEST['AUTHENTICATED_USER'].has_permission('Add EW Nav Links',
    REQUEST.resolve_url(BASE0+getpath(data_record_id_)))
raised the "Unauthorized" exception (according to your traceback).
In this expression, only "REQUEST.resolve_url(...)" and maybe "getpath" (if your user can not access the catalog, but that seems unlikely) can raise this exception. "REQUEST" and its methods are public, "has_permission" is public, "BASE0" is public (as part of "REQUEST").
I guess I meant how do you know that "getpath" is unlikely to have caused the exception? I knew that this line raised the exception, but why couldn't it have come from "getpath"? I'm trying here to get at that experienced programmer thinking that says to you "that seems unlikely". Are you trusting that I haven't messed around with the catalog (given my inexperience, _that_ seems likely, and I haven't)? Presumably, in the default configuration, the catalog is viewable by all users, including "Anonymous", and as far as I know, that hasn't been modified. But isn't "getpath" going to cause an "Unauthorized" exception if the object referred to by "data_record_id" in that particular iteration of the loop is inaccessible, and not just if the catalog itself is inaccessible? Or does "getpath" not cause an access check?
....
<dtml-call "REQUEST.set('YihawFolders', [])">
<dtml-in expr="Catalog({'meta_type':'Yihaw Folder'})">
  <dtml-if "REQUEST['AUTHENTICATED_USER'].has_permission('Add EW Nav Links', REQUEST.resolve_url(BASE0+getpath(data_record_id_)))">
    <dtml-call "YihawFolders.append(getpath(data_record_id_))">
  </dtml-if>
</dtml-in>
As a workaround, you could wrap your "if" into a "dtml-try". If you get an "Unauthorized" exception, it should surely not be in your "YihawFolders" list.
This is of course exactly what I needed to do, thank you. It turns out that users want to secure some folders from general access, which was not part of our original design, so the original programmer didn't take it into account. So now, with a nice little try/except, all is well again. Thanks much!

BTW, Dieter, I've begun reading your book in the five minutes a day I laughingly refer to as my "free time." Excellent work!

Craig
Participants (1): Dunigan, Craig
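
The workaround discussed in this message, modelled in plain Python as an added example (not code from the thread or from Zope): the classes and `resolve_url` below are simplified stand-ins, and the folder data is constructed. It shows the lookup raising before the permission query can answer, and a filter that treats that as "not in the list" while letting every other error surface.

```python
# Simplified model of the situation in this thread. Every class and function
# here is a constructed stand-in for illustration, not Zope's API.

class Unauthorized(Exception):
    """Stand-in for the exception raised on a denied access check."""

class Folder:
    def __init__(self, view_roles, link_roles):
        self.view_roles = set(view_roles)  # roles allowed to reach the folder
        self.link_roles = set(link_roles)  # roles holding 'Add EW Nav Links'

class User:
    def __init__(self, roles):
        self.roles = set(roles)

    def has_permission(self, permission, obj):
        # A plain boolean query: it answers True/False and never raises.
        return permission == 'Add EW Nav Links' and bool(self.roles & obj.link_roles)

def resolve_url(site, user, path):
    # Access is checked during the lookup itself, so a secured folder
    # raises before has_permission() is ever called on it.
    folder = site[path]  # KeyError for a stale catalog entry
    if not (user.roles & folder.view_roles):
        raise Unauthorized(path)
    return folder

def linkable_folders(site, user, catalog_paths):
    # Fail closed: Unauthorized on lookup means the folder is left out.
    # Only Unauthorized is caught, so unrelated errors are not hidden.
    allowed = []
    for path in catalog_paths:
        try:
            if user.has_permission('Add EW Nav Links', resolve_url(site, user, path)):
                allowed.append(path)
        except Unauthorized:
            continue
    return allowed

# Constructed sample data: one folder was later secured from general access.
SITE = {
    '/open': Folder({'Member'}, {'Editor'}),
    '/readonly': Folder({'Member'}, {'Manager'}),
    '/secured': Folder({'Manager'}, {'Manager'}),
}
CATALOG = ['/open', '/readonly', '/secured']

if __name__ == '__main__':
    print(linkable_folders(SITE, User({'Member', 'Editor'}), CATALOG))
```
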