[Zope-dev] skinscript and URL traversal question
Aaron Payne
aaron@aaronpayne.com
Fri, 19 Jan 2001 09:05:06 -0500
At 05:02 PM 1/18/01 -0500, Phillip J. Eby wrote:
>At 08:54 AM 1/18/01 -0500, Aaron Payne wrote:
> >Hi all,
> >
> >I originally posted this to the zope list and, upon suggestion, I am
> >reposting it to zope-dev.
> >
> >I'm using a zsql method in a skinscript with query ... compute ... and it
> >mostly works. Retrieving the dataskin with getItem() works. For example,
> >Cid is the id of the coupon dataskin.
> ><dtml-with "getItem(Cid)">
> > <dtml-var couponattributes>
> ></dtml-with>
>
>This is probably a permissions issue. During __bobo_traverse__, the user
>has not yet been authenticated, and is effectively anonymous.
I was logged in as a manager.
>Thus, your
>SkinScript is running as anonymous, and probably doesn't have rights to
>access the SQL method.
>You might need to change the proxy roles setting on
>the SkinScript method so that when the SkinScript runs it always has
>appropriate roles to do what it needs to do.
I gave the skinscript trigger a proxy role of manager. Actually, I gave
all methods involved a proxy of manager. The same error was produced.
>The reason it would work from in a DTML method, is that when a DTML method
>runs, the user has already been authenticated, so the SkinScript runs with
>the user's rights, and they have rights to call the SQL method.
>
>If you run Zope in debug mode and do this, you should probably see some
>console output about an error in computing the WITH-COMPUTE statement when
>you try to run it via bobo_traverse. It'll probably say the SQL method is
>not found (because it doesn't have permissions to access it in that context).