Hi! I've been trying to define a staff role, which is basically a Manager that can create/edit/delete 2 kinds of objects (OrderedFolder, Structured Document). Now I'm getting a funny behaviour: My test user can access the "/manage" Frameset, but instead of the contents pane, the user gets the website rendered. (The frameset contains the link to manage_workspace, but this seems to be redirected to index_html :( ) So which permission do I need to set, that the "staff" role may really see the management screens? Additionally it seems, that there are "Add Structured Document" permissions, but no "Change Structured Document" permission :( Andreas
Am Mon, 2002-08-19 um 11.46 schrieb Andreas Kostyrka:
Hi!
I've been trying to define a staff role, which is basically a Manager that can create/edit/delete 2 kinds of objects (OrderedFolder, Structured Document).
Now I'm getting a funny behaviour: My test user can access the "/manage" Frameset, but instead of the contents pane, the user gets the website rendered. (The frameset contains the link to manage_workspace, but this seems to be redirected to index_html :( ) So which permission do I need to set, that the "staff" role may really see the management screens? Additionally, I now have given my "staff" role all permissions (visible at the tab), and I still get a redirect to index_html:
HTTP Anforderung gesendet, warte auf Antwort... 1 HTTP/1.1 302 Moved Temporarily 2 Date: Mon, 19 Aug 2002 12:53:30 GMT 3 Server: Apache/1.3.12 (Unix) 4 Bobo-Exception-File: /home/andreas/new.detox.at/lib/python/App/Management.py 5 Bobo-Exception-Line: 80 6 Bobo-Exception-Type: Redirect 7 Bobo-Exception-Value: http://new.detox.at/index_html 8 X-Powered-By: Zope (www.zope.org), Python (www.python.org) 9 Vary: Authorization 10 Location: http://new.detox.at/index_html 11 Content-Length: 0 12 Keep-Alive: timeout=15, max=100 13 Connection: Keep-Alive 14 Content-Type: application/x-httpd-cgi Platz: http://new.detox.at/index_html[folge] --14:53:16-- http://new.detox.at/index_html => `index_html' Verbindungsaufbau zu new.detox.at[193.53.80.3]:80... verbunden. HTTP Anforderung gesendet, warte auf Antwort... 1 HTTP/1.1 200 OK Andreas
Andreas Kostyrka writes:
I've been trying to define a staff role, which is basically a Manager that can create/edit/delete 2 kinds of objects (OrderedFolder, Structured Document).
Now I'm getting a funny behaviour: My test user can access the "/manage" Frameset, but instead of the contents pane, the user gets the website rendered. This happens, when the user is not allowed to access any of the management tabs.
... Additionally it seems, that there are "Add Structured Document" permissions, but no "Change Structured Document" permission :( Then, you want to check by which permission the respective method is protected. Look at the source or use "DocFinder[EveryWhere]" with "ZopeSecurityPolicy=Python" (see mailing list archives for details).
Dieter
Am Mon, 2002-08-19 um 22.35 schrieb Dieter Maurer:
Andreas Kostyrka writes:
I've been trying to define a staff role, which is basically a Manager that can create/edit/delete 2 kinds of objects (OrderedFolder, Structured Document).
Now I'm getting a funny behaviour: My test user can access the "/manage" Frameset, but instead of the contents pane, the user gets the website rendered. This happens, when the user is not allowed to access any of the management tabs. Well, this cannot be, I've clicked ALL permissions on the Security Tab of the Root folder of this vhost. When I change the role back to manager, the user is able to see the management interface. When I change the role of the user to staff (which has all permissions), I see index_html. (If you have trouble to believe me, I can add an account for you ;) )
... Additionally it seems, that there are "Add Structured Document" permissions, but no "Change Structured Document" permission :( Then, you want to check by which permission the respective method is protected. Look at the source or use "DocFinder[EveryWhere]" with "ZopeSecurityPolicy=Python" (see mailing list archives for details). I'll look for it :)
Andreas
participants (2)
-
Andreas Kostyrka -
Dieter Maurer