[Zope] Not authorised to assign proxy role

Ng Pheng Siong ngps@post1.com
Sun, 18 Feb 2001 23:08:56 +0800


Hi,

I'm testing my GuardedFile product on Zope 2.3.0. Here's the blurb on
GuardedFile:

    A GuardedFile is a Zope File that is accessible by proxy only.

    When a GuardedFile is created, all acquired permissions are unset. A
    proxy role is created in its container with the sole permission "View".

    When the GuardedFile is deleted, its associated proxy role is also
    removed.

    In all other aspects GuardedFile behaves exactly like a File.


Suppose I have the following folder structure:

      root
      |- test
         |- guarded
    
Only "root" has acl_users.

I, as a regular user in "root"'s acl_users, create a GuardedFile called
"agf" in "guarded"; a proxy role "proxy_for_agf" is also created in
"guarded" by the product. The content of "agf" is just some text.

I then create a dtml method in "guarded" called "prox" thusly:

    <dtml-var agf>

I next try to assign to "prox" the proxy role "proxy_for_agf".
The idea is that "anonymous" can access "agf" only through "prox".

I get the following error:

    You are not authorized to change prox because you do not have proxy
    roles. 

Traceback (innermost last):
  File /usr/local/home/ngps/pkg/zope230-py2/lib/python/ZPublisher/Publish.py, 
    line 222, in publish_module
  File /usr/local/home/ngps/pkg/zope230-py2/lib/python/ZPublisher/Publish.py, 
    line 187, in publish
  File /usr/local/home/ngps/pkg/zope230-py2/lib/python/Zope/__init__.py, 
    line 221, in zpublisher_exception_hook
    (Object: prox)
  File /usr/local/home/ngps/pkg/zope230-py2/lib/python/ZPublisher/Publish.py, 
    line 171, in publish
  File /usr/local/home/ngps/pkg/zope230-py2/lib/python/ZPublisher/mapply.py, 
    line 160, in mapply
    (Object: manage_proxy)
  File /usr/local/home/ngps/pkg/zope230-py2/lib/python/ZPublisher/Publish.py, 
    line 112, in call_object
    (Object: manage_proxy)
  File /usr/local/home/ngps/pkg/zope230-py2/lib/python/OFS/DTMLMethod.py, 
    line 351, in manage_proxy
    (Object: prox)
  File /usr/local/home/ngps/pkg/zope230-py2/lib/python/OFS/DTMLMethod.py, 
    line 342, in _validateProxy
    (Object: prox)
Forbidden: (see above)


This used to work in Zope 2.1.x. I didn't test GuardedFile for 2.2.x.

What has changed, and what can I do to achieve what I want?


Background: GuardedFile supports ZSmime, a product to generate
S/MIME-signed/encrypted messages; ZSmime provides a tag "dtml-smime". 

The private key required for S/MIME signature generation is stored as a
GuardedFile and the dtml method that invokes dtml-smime is assigned the
necessary proxy role to access the private key in said GuardedFile.

See http://www.post1.com/home/ngps/zsmime for more info.


TIA. Cheers.
-- 
Ng Pheng Siong <ngps@post1.com> * http://www.post1.com/home/ngps
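
The setup described in the message, as an added example that is not part of the original post and is not Zope or GuardedFile code: a simplified Python model of the guarded file, its proxy role, and the rule the error message states (a user can only assign proxy roles they hold). The `Folder` class, its methods, the `denied` and `demo` helpers and the "Member" role are hypothetical; that proxy roles replace the caller's roles while the method runs is an assumption of the model.

```python
# Simplified model of the setup in the message above; not Zope or GuardedFile code.
class Forbidden(Exception):
    pass

class Folder:  # hypothetical stand-in for the "guarded" folder
    def __init__(self):
        self.view_roles = {}   # object id -> roles holding "View"
        self.renders = {}      # method id -> id of the object it renders
        self.proxy_roles = {}  # method id -> assigned proxy roles

    def add_guarded_file(self, file_id):
        # Acquired permissions unset: only the new proxy role gets "View".
        role = "proxy_for_" + file_id
        self.view_roles[file_id] = {role}
        return role

    def add_method(self, method_id, renders):
        self.view_roles[method_id] = {"Anonymous"}
        self.renders[method_id] = renders
        self.proxy_roles[method_id] = set()

    def assign_proxy(self, user_roles, method_id, roles):
        # Rule implied by the error message: no granting roles you lack.
        missing = set(roles) - set(user_roles)
        if missing:
            raise Forbidden("you do not have proxy roles: %s" % sorted(missing))
        self.proxy_roles[method_id] = set(roles)

    def view(self, user_roles, obj_id):
        if not self.view_roles[obj_id] & set(user_roles):
            raise Forbidden("View denied on " + obj_id)
        if obj_id not in self.renders:
            return "content of " + obj_id
        # Assumption: proxy roles, when set, replace the caller's roles.
        effective = self.proxy_roles[obj_id] or set(user_roles)
        return self.view(effective, self.renders[obj_id])

def denied(call, *args):
    """Return True if the call is rejected with Forbidden."""
    try:
        call(*args)
    except Forbidden:
        return True
    return False

def demo():
    f = Folder()
    role = f.add_guarded_file("agf")
    f.add_method("prox", "agf")
    out = {"direct": denied(f.view, {"Anonymous"}, "agf"),
           "unprivileged_assign": denied(f.assign_proxy, {"Member"}, "prox", [role])}
    f.assign_proxy({"Member", role}, "prox", [role])  # assigner holds the role
    out["via_prox"] = f.view({"Anonymous"}, "prox")
    return out
```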