[Zope-PTK] Problem with LoginManager 8.5 and patched PTK
Steve Alexander
steve@cat-box.net
Fri, 26 May 2000 20:57:38 +0100
I've got Dan's patched PTKDemo product running.
(Sorry I missed your deadline for looking into stuff Dan...)
I've come across a problem related to traversal.
When a logged-in user of a Portal presses the "New..." button on the
MyStuff desktop page, the following URL gets called from that page's
form:
http://server.tld/..../portaldir/Members/username/Wizards
This is meant to request the /portaldir/Wizards URL, that will in turn
display /portaldir/Wizards/index_html, to give the list of available
wizards.
The problem is that, while a logged in user can view
portaldir/Wizards/index_html typed in as a URL into the browser, Zope
throws up a challenge-response dialog when that URL is acquired via
portaldir/Members/username/Wizards
I can get the wizards page to appead if I authenticate as an
overall-entire-zope manager.
If I cancel the dialog, I get the following error:
Zope Error
Zope has encountered an error while publishing this resource.
Unauthorized
You are not authorized to access this resource.
No Authorization header found.
Traceback (innermost last):
File /usr/local/zope/ZwopitZope/lib/python/ZPublisher/Publish.py, line
214, in publish_module
File /usr/local/zope/ZwopitZope/lib/python/ZPublisher/Publish.py, line
179, in publish
File /usr/local/zope/ZwopitZope/lib/python/ZPublisher/Publish.py, line
151, in publish
File /usr/local/zope/ZwopitZope/lib/python/ZPublisher/BaseRequest.py,
line 451, in traverse
File /usr/local/zope/ZwopitZope/lib/python/ZPublisher/HTTPResponse.py,
line 551, in unauthorized
Unauthorized: (see above)
I'm playing with bits of Zope source I've never touched before :-) to
try and see what is going on. I'm just hoping this might spark off some
insight in a LoginManager guru.
Are there any LoginManager instance settings I should be telling you
about?
--
Steve Alexander
Software Engineer
Cat-Box limited