[Zope-CMF] Plone/CMF/Zope security question

alienoid alienoid <alienoid@is.lg.ua>
Sun, 8 Sep 2002 23:03:56 +0300 

Hello zope-cmf users,

I need your help with security question.
I've already asked it and Chris gave some info, but I need more
details about this problem. I'll try to be as detailed as possible.

In a root zope folder there is 'intranet' Plone site '/intranet'.
Inside 'intranet' I have created usual folder from ZMI - 'billing'.
Structure of 'billing' folder:
billing
   scripts (folder with py scripts)
   sql (folder with sql methods and stored procedures)
   index_html
   (here come diff. zpt pages)

I have user 'test' of plone site.

I want that only Members of plone site could access 'billing' folder
and underneath. So on 'billing' security tab I map(check) View permission to
role Member and uncheck 'Acquire permission settings' from View.
When I try to access 'billing'
as http://server:8080/intranet/billing I get Plone page that asks to
login - 'test' login and it's password are accepted and I'm in Plone
site now. I made so that index_html page under 'billing' shows sidebar
with link to http://server:8080/intranet/billing/add_client_form, but
when I try to click on this link zope login box pops up and asks to
enter login and password. Trying to use login and password of member
'test' fails. Then I do next: on 'billing' security tab I map(check) View permission to
role 'Authenticated'. After this link to
http://server:8080/intranet/billing/add_client_form begins to work and
login box doesn't pop up. And more interesting begins when I try to
submit this form. This form uses scripts from 'scripts' folder and
stored procedures from 'sql' folder. But when I try to submit the form
zope login box pops up and asks to enter login and password, when I
press 'Cancel' I get:

Error Type  Unauthorized

Error Message

Error Value You are not allowed to access is_login_in_use in this context


And 'is_login_in_use' - is a stored procedure, that lays in 'sql'
folder below 'billing'.
I really can't understand where to dig. I'm stuck.

Your help is very, very appreciated.
Thanks in advance.

P.S. RH7.2 + Zope2.5.1 + CMF1.3 + Plone 1.0a2

-- 
Best regards,
 alienoid                          mailto:alienoid@is.lg.ua