[ZCM] [ZC] 1779/ 6 Comment "workflow script proxy role does not apply"

Collector: Zope Bugs, Features, and Patches ... zope-coders-admin at zope.org
Sat May 21 13:33:47 EDT 2005


Issue #1779 Update (Comment) "workflow script proxy role does not apply"
 Status Pending, Zope/bug medium
To followup, visit:
  http://www.zope.org/Collectors/Zope/1779

==============================================================
= Comment - Entry #6 by ajung on May 21, 2005 1:33 pm

The change in User.py was done based on this:

http://mail.zope.org/pipermail/zope/2005-March/157419.html
________________________________________
= Comment - Entry #5 by efge on May 13, 2005 12:28 pm

See also
http://mail.zope.org/pipermail/zope-cmf/2005-April/022152.html
that reported the problem in the list but never opened a bug.

________________________________________
= Comment - Entry #4 by mcdonc on May 12, 2005 5:38 pm

Tres says that this patch may be the culprit...

http://cvs.zope.org/Zope/lib/python/AccessControl/Attic/User.py.diff?r1=1.176.14.7&r2=1.176.14.8

Zero help in the checkin message for why it was introduced.
________________________________________
= Comment - Entry #3 by mcdonc on May 12, 2005 4:58 pm

Note that we did confirm that the owner of the script existed (we took ownership of the object via another just-created account).
________________________________________
= Comment - Entry #2 by mcdonc on May 12, 2005 4:57 pm

FWIW, I chatted about this in IRC with r33t and it does appear to be some sort of bug.  The same configuration works in 2.7.3 and 2.7.4 but does not work in 2.7.5 and 2.7.6.

The suspicious things in changes.txt for 2.7.5 are:

 - AccessControl/User.py: _check_context() has not been called
   for authenticated users
 - guarded_getattr: Restored ability to acquire "through" unprotected
   contexts, broken through overzealous cleanup in Zope 2.7.3.


________________________________________
= Request - Entry #1 by r33t on May 12, 2005 4:39 pm


Uploaded:  "checkTransition.py"
 - http://www.zope.org/Collectors/Zope/1779/checkTransition.py/view

I have a workflow script which runs with proxy 'manager' and I get
the following error (VerboseSecurity):

"The owner of the executing script is defined outside the context of the object being accessed. The script has proxy roles, but they do not apply in this context.. Access to 'new_state' of (Products.DCWorkflow.Expression.StateChangeInfo instance at 0xb5e78aac) denied. Access requires Manage_portal_Permission, granted to the following roles: ['Manager']. The executing script is (PythonScript at /Intranet/portal_workflow/cmfi_workflow/scripts/checkTransition), owned by manager."

The error happens when the script tries to access state_change.new_state. 
state_change.object can be accessed, no problem.
<PythonScript at /Intranet/portal_workflow/cmfi_workflow/scripts/checkTransition>
Line 15
> if state_change.new_state.id == 'pending': 
The complete script is attached. Bound names are: context, container, script, traverse_subpath; parameter list: state_change

The user manager (which is the owner) exists in the context (a Plone instance). I also tried to take ownership with another user, still the same error. The script worked with Zope-2.7.4-final.

==============================================================


