[Zope] Not authorised to assign proxy role
Dieter Maurer
dieter@handshake.de
Tue, 20 Feb 2001 20:53:51 +0100 (CET)
Ng Pheng Siong writes:
> On Mon, Feb 19, 2001 at 12:05:05AM +0100, Dieter Maurer wrote:
> > Ng Pheng Siong writes:
> > > You are not authorized to change prox because you do not have proxy
> > > roles.
> > You want to give the object a proxy role you yourself do not have.
>
> Aye, thanks. That was a simple fix, although it feels kludgy:
> Given the following folder structure:
>
> - root
> |- sub
>
> To do what I want, I needed to create a user folder in sub, add a user
> with same username, same password as the one in root, then assign the
> proxy role to the user in sub.

This should not be necessary.
I would expect two alternatives:

1. Move the role up to the root folder and give it there to the user.
2. Give the user a "local role" in "sub".

> I'd imagine if a user is able to create proxy roles, he ought to be
> able to assign that role to a dtml method he manages. ;-|

From a usage point of view, I would agree.
It might make the security implementation more difficult, however.
I am currently not sure how proxy roles and owner roles play together.
If the effective roles are the intersection of the two
(as I think they are), then removing the restriction
would cause surprises on access.

Dieter