[Zope] Security problem in 2.2 final - Bug?

Peter Arvidsson peter@innodev.com
Wed, 19 Jul 2000 16:52:50 +0200


That's what I did .. same problem.

However when I installed a new 2.2 final and did exactly the same (same stuff, same
permissions) then it worked. There must be some problem with the upgrading...

Peter

Pierre Rougier wrote:

> Hi
>
> Just to see... try to give all the proxy roles to your method... (manager, owner
> and anonymous)... I had this problem, and it works like that....
>
> Pierre
>
> Peter Arvidsson wrote:
>
> > Hi
> >
> > Thanks for the tip. I gave the method the correct roles but unfortunately the
> > problem still exists.
> >
> > Peter
> >
> > Pierre Rougier wrote:
> >
> > > Hi  :)
> > > I may say something idiotic, but...
> > >
> > > Did u try to change the proxy roles of the method which calls the function
> > > manage_editProperties?
> > > (in case of: to do it, edit your method and choose proxy at the top of the
> > > window), u can edit the role of your method.
> > >
> > > Piotr.
> > >
> > > Peter Arvidsson wrote:
> > >
> > > > I have a very annoying problem...
> > > >
> > > > I have created a news-product and have several news-objects. Now I want
> > > > to change the properties of a news-object. This is my code for that:
> > > >
> > > > <dtml-with "newsEntries">
> > > > <dtml-call "_[objId].propertysheets[1].manage_editProperties(
> > > >                  header=REQUEST['header'],
> > > >                  date=REQUEST['date'],
> > > >                  author=REQUEST['author'],
> > > >                  email=REQUEST['mail'],
> > > >                  text=REQUEST['text'],
> > > >                  )">
> > > >
> > > >   </dtml-with>
> > > >
> > > > 'newsEntries' is the folder where I store my news-objects.
> > > > 'objId' is the id of the product as a string.
> > > >
> > > > Every time I try to change properties a login prompt is displayed. The
> > > > problem is that I get access denied whoever I log in as. My user has the
> > > > same permissions as the superuser and even when I log in as the superuser
> > > > I get access denied. I have changed so that I am the owner of both the
> > > > product 'news' and the news objects, the methods that I use and the
> > > > folders that my objects and methods are in. I really don't know what this
> > > > problem could be. I thought these problems were supposed to be resolved
> > > > for 2.2 final but maybe there are some bugs left? I don't get this
> > > > problem when I run the code in 2.1.6.
> > > >
> > > > I have also tried different possibilities in the code, I have both used
> > > > changeProperties and editProperties. I have also tried to write the name
> > > > of the propertysheet instead of '[1]' but everything renders the same
> > > > problem.
> > > >
> > > > Really because I am the owner of everything and I have the same rights
> > > > as the superuser I don't think I should be "unauthorized" to change my
> > > > objects. I have no problem to add and to delete these objects so why
> > > > can't I change them?
> > > >
> > > > _______________________________________________
> > > > Zope maillist  -  Zope@zope.org
> > > > http://lists.zope.org/mailman/listinfo/zope
> > > > **   No cross posts or HTML encoding!  **
> > > > (Related lists -
> > > >  http://lists.zope.org/mailman/listinfo/zope-announce
> > > >  http://lists.zope.org/mailman/listinfo/zope-dev )