[Zope] "Access contents information" and SQL Methods; bug?
Brian Lloyd
Brian@digicool.com
Mon, 26 Jul 1999 09:23:58 -0400
> I have an interesting problem with a part of a site that needs to be
> limited to privileged editors. Let's call this role "Editor". The
> problem is, unless I give the "Access contents information" permission
> to the "Anonymous" role, SQL Method calls are not permitted, even if I
> give _all_ permissions to the "Editor" role.
>
> It's that curious? <!--#var AUTHENTICATED_USER--> equals to my editor
> user (defined in folder somewhere above the restricted folder), and
> <!--#var "AUTHENTICATED_USER.getRoles()"--> gives me ['Editor']. Btw,
> I've disabled acquisiton of permissions on the restricted folder.
>
> Unless I give "Access contents information" to "Anonymous", the
> following traceback is emitted when authentication fails:
>
> For now, I'll enable "Access contents information" for the "Anonymous"
> role, but in the long run I feel this is a bad solution.
>
> --
> Alexander Staubo
I think that this is a bug in permission registration. I've
added a fix that seems to do the trick in my test area - can
you try the following and let me know if this takes care of your
problem?:
In the file lib/python/Shared/DC/ZRDB/DA.py, add the line:
Globals.default__class_init__(DA)
...right after the definition of the DA class, and do a
restart. This should make sure that the permissions are
registered correctly.
Brian Lloyd brian@digicool.com
Software Engineer 540.371.6909
Digital Creations http://www.digicool.com