[Zope] Security problem i 2.2 final - Bug?
Pierre Rougier
prougier@ina.fr
Wed, 19 Jul 2000 11:58:42 +0200
Hi :)
I may say something idiot, but...
Did u try to change the proxy roles of the method which call the fonction
manage_editProperties?
(in case of: to do it, edit your method and choose proxy at the top of the
window), u can edit the role of your method.
Piotr.
Peter Arvidsson wrote:
> I have a very anoying problem...
>
> I have created a news-product and have several news-objects. Now I want
> to change the properties of a news-object. This is my code for that:
>
> <dtml-with "newsEntries">
> <dtml-call "_[objId].propertysheets[1].manage_editProperties(
> header=REQUEST['header'],
> date=REQUEST['date'],
> author=REQUEST['author'],
> email=REQUEST['mail'],
> text=REQUEST['text'],
> )">
>
> </dtml-with>
>
> 'newsEntries' is the folder where I store my news-objects.
> 'objId' is the id of the product as a string.
>
> Everytime I try to change properties a login prompt is displayed. The
> problem is that I get access denied whoever I login as. My user has the
> same permissions as the superuser and even when I login as the superuser
> I get access denied. I have changed so that I am the owner of both the
> product 'news' and the news objects, the methods that I use and the
> folders that my objects and methods are in. I really dont know what this
> problem could be. I thought these problems was supposed to be resolved
> for 2.2 final but maybe there are some bugs left? I dont get this
> problem when I run the code in 2.1.6.
>
> I have also tried different possibilities in the code, I have both used
> changeProperties and editProperties. I have also tried to write the name
> of the propertysheet instead of '[1]' but everything renders the same
> problem.
>
> Really beacause I am the owner of everything and I have the same rights
> as the superuser I dont think I should be "unauthorized" to change my
> objects. I have no problem to add and to delete these objects so why
> cant I change them?
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope-dev )