[Zope-CMF] Permissions bug?

Tres Seaver tseaver@zope.com
Sat, 15 Dec 2001 14:42:21 -0500


Dan Axline wrote:

> With Zope 2.4.1, CMF from CVS yesterday:
> 
> Give Anonymous user no permissions in Root folder.
> Add a CMF Site "E1" to root.
> Give Anonymous user all permissions in E1. (Or just the appropriate ones.)
> Logout of Zope management.
> Access http://myhost.anddomainhere.com:port/E1
> Barf the traceback below.
> 
> Log in to management.
> Give Anonymous appropriate permissions in Root folder. (Access Contents, 
> Mail password, Query Vocabulary, Search ZCatalog, Search ZCatalogIndex, 
> View)
> Remove Anonymous permissions in your new CMFSite "E1", and allow 
> Anonymous to inherit all permissions.
> Log out of management
> Access your CMF site again.

Dan,

First, sorry about the delay in replying;  your mail has been
on my list of things to answer for a bit now.

ZopeTime is a protected method of the root application object;
untrusted code which depends on it (as the CMF often does)
won't be able to execute unless you grant its permission
('Access contents information') to your viewers on the root object.


Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com