[Zope] Security problem i 2.2 final - Bug?
Peter Arvidsson
peter@innodev.com
Wed, 19 Jul 2000 09:24:58 +0200
I have a very anoying problem...
I have created a news-product and have several news-objects. Now I want
to change the properties of a news-object. This is my code for that:
<dtml-with "newsEntries">
<dtml-call "_[objId].propertysheets[1].manage_editProperties(
header=REQUEST['header'],
date=REQUEST['date'],
author=REQUEST['author'],
email=REQUEST['mail'],
text=REQUEST['text'],
)">
</dtml-with>
'newsEntries' is the folder where I store my news-objects.
'objId' is the id of the product as a string.
Everytime I try to change properties a login prompt is displayed. The
problem is that I get access denied whoever I login as. My user has the
same permissions as the superuser and even when I login as the superuser
I get access denied. I have changed so that I am the owner of both the
product 'news' and the news objects, the methods that I use and the
folders that my objects and methods are in. I really dont know what this
problem could be. I thought these problems was supposed to be resolved
for 2.2 final but maybe there are some bugs left? I dont get this
problem when I run the code in 2.1.6.
I have also tried different possibilities in the code, I have both used
changeProperties and editProperties. I have also tried to write the name
of the propertysheet instead of '[1]' but everything renders the same
problem.
Really beacause I am the owner of everything and I have the same rights
as the superuser I dont think I should be "unauthorized" to change my
objects. I have no problem to add and to delete these objects so why
cant I change them?