[Grok-dev] Re: Using z3c.jsonrpc with grok and ForbiddenAttribute issues

Philipp von Weitershausen philipp at weitershausen.de
Sat May 31 03:53:37 EDT 2008


Jan-Wijbrand Kolman wrote:
> Calvin Hendryx-Parker wrote:
> snip
>> The error seems to happen as it starts to traverse my application and 
>> it doesn't even get to my Note instance which is a few levels down the 
>> path.
>>
>> What ZCML voodoo am I missing to allow me to use z3c.jsonrpc with my app?
> 
> Isn't this more about not having granted the right permissions to the 
> user that is accessing these jsonrpc views? Does your use indeed "have" 
> the "brnf.notes" permission?

No. If the user were lacking the right permission, you'd get an 
Unauthorized exception. A ForbiddenAttribute error is *always* the sign 
of either

a) missing security declarations for something that should be allowed to 
be accessed

b) or you're accessing something that's you really shouldn't be accessing.


More information about the Grok-dev mailing list