[Zope-dev] skinscript and URL traversal question

Phillip J. Eby pje@telecommunity.com
Thu, 18 Jan 2001 17:02:09 -0500


At 08:54 AM 1/18/01 -0500, Aaron Payne wrote:
>Hi all,
>
>I originally posted this to the zope list and, upon suggestion, I am 
>reposting it to zope-dev.
>
>I'm using a zsql method in a skinscript with query ... compute ... and it 
>mostly works. Retrieving the dataskin with getItem() works.  For example,
>Cid is the id of the coupon dataskin.
><dtml-with "getItem(Cid)">
>   <dtml-var couponattributes>
></dtml-with>

This is probably a permissions issue.  During __bobo_traverse__, the user
has not yet been authenticated, and is effectively anonymous.  Thus, your
SkinScript is running as anonymous, and probably doesn't have rights to
access the SQL method.  You might need to change the proxy roles setting on
the SkinScript method so that when the SkinScript runs it always has
appropriate roles to do what it needs to do.

The reason it would work from in a DTML method, is that when a DTML method
runs, the user has already been authenticated, so the SkinScript runs with
the user's rights, and they have rights to call the SQL method.

If you run Zope in debug mode and do this, you should probably see some
console output about an error in computing the WITH-COMPUTE statement when
you try to run it via bobo_traverse.  It'll probably say the SQL method is
not found (because it doesn't have permissions to access it in that context).