[Zope-dev] skinscript and URL traversal question

Phillip J. Eby pje@telecommunity.com
Fri, 19 Jan 2001 09:38:41 -0500


At 09:05 AM 1/19/01 -0500, Aaron Payne wrote:
>At 05:02 PM 1/18/01 -0500, Phillip J. Eby wrote:
>>At 08:54 AM 1/18/01 -0500, Aaron Payne wrote:
>> >Hi all,
>> >
>> >I originally posted this to the zope list and, upon suggestion, I am
>> >reposting it to zope-dev.
>> >
>> >I'm using a zsql method in a skinscript with query ... compute ... and it
>> >mostly works. Retrieving the dataskin with getItem() works.  For example,
>> >Cid is the id of the coupon dataskin.
>> ><dtml-with "getItem(Cid)">
>> >   <dtml-var couponattributes>
>> ></dtml-with>
>>
>>This is probably a permissions issue.  During __bobo_traverse__, the user
>>has not yet been authenticated, and is effectively anonymous.
>
>I was logged in as a manager.

That would not make any difference.  As I said, when __bobo_traverse__ is
called, nobody is "logged in", because Zope hasn't gotten around to
checking who you are yet.


>>Thus, your
>>SkinScript is running as anonymous, and probably doesn't have rights to
>>access the SQL method.
>>You might need to change the proxy roles setting on
>>the SkinScript method so that when the SkinScript runs it always has
>>appropriate roles to do what it needs to do.
>
>I gave the skinscript trigger a proxy role of manager.  Actually, I gave 
>all methods involved a proxy of manager. The same error was produced.

What version of Zope are you using?