[Zope] Not authorised to assign proxy role

Dieter Maurer dieter@handshake.de
Tue, 20 Feb 2001 20:53:51 +0100 (CET)


Ng Pheng Siong writes:
 > On Mon, Feb 19, 2001 at 12:05:05AM +0100, Dieter Maurer wrote:
 > > Ng Pheng Siong writes:
 > >  >     You are not authorized to change prox because you do not have proxy
 > >  >     roles. 
 > > You want to give the object a proxy role, you yourself do not have.
 > 
 > Aye, thanks. That was a simple fix, although it feels kludgy:
 > Given the following folder structure:
 > 
 > - root
 >   |- sub
 > 
 > To do what I want, I needed to create a user folder in sub, add a user
 > with same username, same password as the one in root, then assign the
 > proxy role to the user in sub.
This should not be necessary.

I would expect two alternatives:

 1. Move the role up to the root folder and give it there to the user

 2. Give the user a "local role" in "sub".

 > I'd imagine if a user is able to create proxy roles, he ought to be
 > able to assign that role to a dtml method he manages. ;-|
From a usage point of view, I would agree.

It might make the security implementation more difficult however.
I am currently not sure, how proxy roles and owner roles play together.

  If the effective roles are the intersection of the two
  (as I think they are) then removing the restriction
  would cause surprises on access.



Dieter