[Zope] Security problem i 2.2 final - Bug?

Peter Arvidsson peter@innodev.com
Wed, 19 Jul 2000 12:06:06 +0200 

Hi

Thanks for the tip. I gave the method the correct roles but unfortunatelty the
problem still exists.

Peter

Pierre Rougier skrev:

> Hi  :)
> I may say something idiot, but...
>
> Did u try to change the proxy roles of the method which call the fonction
> manage_editProperties?
> (in case of: to do it, edit your method and choose proxy at the top of the
> window), u can edit the role of your method.
>
> Piotr.
>
> Peter Arvidsson wrote:
>
> > I have a very anoying problem...
> >
> > I have created a news-product and have several news-objects. Now I want
> > to change the properties of a news-object. This is my code for that:
> >
> > <dtml-with "newsEntries">
> > <dtml-call "_[objId].propertysheets[1].manage_editProperties(
> >                  header=REQUEST['header'],
> >                  date=REQUEST['date'],
> >                  author=REQUEST['author'],
> >                  email=REQUEST['mail'],
> >                  text=REQUEST['text'],
> >                  )">
> >
> >   </dtml-with>
> >
> > 'newsEntries' is the folder where I store my news-objects.
> > 'objId' is the id of the product as a string.
> >
> > Everytime I try to change properties a login prompt is displayed. The
> > problem is that I get access denied whoever I login as. My user has the
> > same permissions as the superuser and even when I login as the superuser
> > I get access denied. I have changed so that I am the owner of both the
> > product 'news' and the news objects, the methods that I use and the
> > folders that my objects and methods are in. I really dont know what this
> > problem could be. I thought these problems was supposed to be resolved
> > for 2.2 final but maybe there are some bugs left? I dont get this
> > problem when I run the code in 2.1.6.
> >
> > I have also tried different possibilities in the code, I have both used
> > changeProperties and editProperties. I have also tried to write the name
> > of the propertysheet instead of '[1]' but everything renders the same
> > problem.
> >
> > Really beacause I am the owner of everything and I have the same rights
> > as the superuser I dont think I should be "unauthorized" to change my
> > objects. I have no problem to add and to delete these objects so why
> > cant I change them?
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )