[Zope-DB] restricted zsql permissions: there must be an easier way!

Toni Vicens toni_vicens at terra.es
Thu Jul 22 06:16:19 EDT 2004


Hi Chris,

Thank you for your answer!

I changed the proxy role of the script to manager and still get the same
error :-(

The ZPT code which generates the error is the following:

<div tal:define="adresses python:container.sql.getAddresses()"
tal:repeat="address addresses" tal:omit-tag="">
<strong tal:content="address/attribute1">First attribute in the
address</strong><br>
...
</div>

being getAddresses() the script with manager/owner proxy role which
calls the ZSQL method in the restricted folder, and attribute1 one of
the fields returned by the ZSQL method.

Any idea of what can be going on?

Cheers,
Toni.


On Thu, 2004-07-22 at 10:56, Chris Withers wrote:
> Toni Vicens wrote:
> > Then I have written a python script with “owner” proxy role with the
> > following code:
> 
> That should be Manager, not Owner.
> 
> > request = container.REQUEST
> > user = request.AUTHENTICATED_USER
> > regs = container.sql.restricted.my_zsql_method(user_id=user.getUserId())
> > 
> > The problem is that when I call this method from a Page Template I get
> > the following error:
> > Unauthorized: You are not allowed to access 'attribute1' in this
> > context.
> 
> I don't see "attribute1" in the code above, where is the code 
> originating that error?
> 
> cheers,
> 
> Chris



More information about the Zope-DB mailing list