[Zope] Zope 2.2b2 security conundrum
Jay, Dylan
djay@lucent.com
Mon, 26 Jun 2000 11:15:06 +1000
I am playing with ZDP-Tools which are ZClassed based. When I try to add a
new object I get security failure.
<H2>Zope Error</H2>
<P>Zope has encountered an error while publishing this resource.
</P>
<P><STRONG>Unauthorized</STRONG></P>
You are not authorized to access <em>manage_editProperties</em>.
<!--
Traceback (innermost last):
File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 222, in
publish_module
File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 187, in
publish
File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 171, in
publish
File D:\PROGRA~1\Zope22\lib\python\ZPublisher\mapply.py, line 160, in
mapply
(Object: FAQQuestionClass_add)
File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 112, in
call_object
(Object: FAQQuestionClass_add)
File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 168, in
__call__
(Object: FAQQuestionClass_add)
File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_String.py, line
500, in __call__
(Object: FAQQuestionClass_add)
File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_With.py, line 146,
in render
(Object: FAQQuestionClass.createInObjectManager(REQUEST['id'], REQUEST))
File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 164, in
__call__
(Object: DocumentFolderClass_add_fragment_exec)
File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_String.py, line
500, in __call__
(Object: DocumentFolderClass_add_fragment_exec)
File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_Util.py, line 339,
in eval
(Object: propertysheets.Info.manage_editProperties(REQUEST))
(Info: REQUEST)
File <string>, line 0, in ?
File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_Util.py, line 140,
in careful_getattr
File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 187, in
validate
(Object: FAQQuestionClass_add)
File D:\PROGRA~1\Zope22\lib\python\AccessControl\SecurityManager.py, line
139, in validate
File D:\PROGRA~1\Zope22\lib\python\AccessControl\ZopeSecurityPolicy.py,
line 208, in validate
Unauthorized: (see above)
I figure this is due to the new security model. The user I am using doesn't
have Manager privlidges but has permission to add this object. I get the add
form however when I try to submit the above occurs. I think this might have
something to do with the ownership of FAQQuestionClass_add. However I can't
see who owns FAQQuestionClass_add. How is the new security model supposed to
work with ZClasses and how do I get round this problem so I can give a user
the ability to add a new object.