[Grok-dev] Re: Using z3c.jsonrpc with grok and ForbiddenAttribute
issues
Philipp von Weitershausen
philipp at weitershausen.de
Sat May 31 03:53:37 EDT 2008
Jan-Wijbrand Kolman wrote:
> Calvin Hendryx-Parker wrote:
> snip
>> The error seems to happen as it starts to traverse my application and
>> it doesn't even get to my Note instance which is a few levels down the
>> path.
>>
>> What ZCML voodoo am I missing to allow me to use z3c.jsonrpc with my app?
>
> Isn't this more about not having granted the right permissions to the
> user that is accessing these jsonrpc views? Does your use indeed "have"
> the "brnf.notes" permission?
No. If the user were lacking the right permission, you'd get an
Unauthorized exception. A ForbiddenAttribute error is *always* the sign
of either
a) missing security declarations for something that should be allowed to
be accessed
b) or you're accessing something that's you really shouldn't be accessing.
More information about the Grok-dev
mailing list