[Zope] Permissions, roles and creating instance of ZClass

Jon Prettyman jprettyman@acm.org
23 Feb 2000 10:52:01 -0800


I have a Product/ZClass called UserProperties/UserPropertiesClass.

I have a folder Users which has mapped users with a role of
contentSubscriber to the permission ``Add UserPropertiess''.

I have an index_html file in Users that shows that an authenticated
user has the role contentSubscriber and shows that the authenticated
user has permission to ``Add UserPropertiess''.

<dtml-if "AUTHENTICATED_USER.has_permission('Add UserPropertiess',PARENTS[0])">
<p>Can Add UserPropertiess</p>
<dtml-else>
<p>Can NOT Add UserPropertiess</p>
</dtml-if>
<p>

When an authenticated user calls /Users/ they see Can Add
UserProperties.

When the user calls /Users/manage they see the managment screen, if
they select [ADD]UserProperities they get the login screen again.  The 
URL that is getting accessed is:
 /Users/manage_addProduct/UserProperties/UserPropertiesClass_factory
and the authentication is failing.

I'm using GenericUserFolder with cookie validation and it appears that 
my _gufauth cookie gets set and then deleted through this transaction.

-Jon