[Zope] Object Permissions

John Ziniti jziniti@speakeasy.org
Tue, 31 Jul 2001 16:14:11 -0400


Just for consistency, and in case anyone ever does a search ...

This problem was due to the fact that /acl_users was replaced by
an LDAPAdapter.  LDAPAdapter does not implement the BasicUserFolder
methods getUserById() and getUser() ... so these were being passed
to the superclass, which had no idea about the users in the LDAP
database.  Therefore, None was returned as the owner, which 
somehwere along the line, was translated into 'Anonymous'...

To fix the problem, a quick hack of a getUserById() method was
written for LDAPAdapter ... and Zope was restarted ... bingo !!!



On Mon, 30 Jul 2001 14:06:42 -0400
"John Ziniti" <john.ziniti@channing.harvard.edu> wrote:

> I have a short DTML Method  intended to handle file uploads
> to a folder.   In order for it to work, however, I need to enable
> "View" for Anonymous, which I don't want to do, or the file
> upload fails with "You are not authorized to access manage_addFile."
> (trace below) ...
> 
> As I've delved into this problem however, I have come to notice
> that the class <AccesControl.Owned.Owned>, believes this item is
> owned by the anonymous user, which it is definitely not.
> 
> Anyone have any idea on why this upload request is eventually made
> in the name of the Anonymous?
> 
> Where is the method manage_addFile?
> 
> Any ideas that might help?
> 
> Thanks in advance
> 
> John Ziniti
> 
> An error was encountered while publishing this resource.
> 
> Unauthorized
> 
> You are not authorized to access manage_addFile.
> Traceback (innermost last):
>   File /u01/zope/Zope-2.3.3-src/lib/python/ZPublisher/Publish.py, line 223,
> in publish_module
>   File /u01/zope/Zope-2.3.3-src/lib/python/ZPublisher/Publish.py, line 187,
> in publish
>   File /u01/zope/Zope-2.3.3-src/lib/python/ZPublisher/Publish.py, line 171,
> in publish
>   File /u01/zope/Zope-2.3.3-src/lib/python/ZPublisher/mapply.py, line 160,
> in mapply
>     (Object: post_new_document)
>   File /u01/zope/Zope-2.3.3-src/lib/python/ZPublisher/Publish.py, line 112,
> in call_object
>     (Object: post_new_document)
>   File /u01/zope/Zope-2.3.3-src/lib/python/OFS/DTMLDocument.py, line 189, in
> __call__
>     (Object: post_new_document)
>   File /u01/zope/Zope-2.3.3-src/lib/python/DocumentTemplate/DT_String.py,
> line 540, in __call__
>     (Object: post_new_document)
>   File /u01/zope/Zope-2.3.3-src/lib/python/DocumentTemplate/DT_Let.py, line
> 149, in render
>     (Object:
> fname="_.string.split(REQUEST.form['new_upload'].filename,'\\')[-1]")
>   File /u01/zope/Zope-2.3.3-src/lib/python/DocumentTemplate/DT_With.py, line
> 151, in render
>     (Object: Items)
>   File /u01/zope/Zope-2.3.3-src/lib/python/DocumentTemplate/DT_Util.py, line
> 333, in eval
>     (Object: manage_addFile(_['fname'], REQUEST.form['new_upload'],
> REQUEST=REQUEST))
>     (Info: manage_addFile)
>   File /u01/zope/Zope-2.3.3-src/lib/python/OFS/DTMLMethod.py, line 261, in
> validate
>     (Object: post_new_document)
>   File /u01/zope/Zope-2.3.3-src/lib/python/AccessControl/SecurityManager.py,
> line 144, in validate
>   File
> /u01/zope/Zope-2.3.3-src/lib/python/AccessControl/ZopeSecurityPolicy.py,
> line 206, in validate
> Unauthorized: (see above)
> "
> 
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
> 


-- 
John Ziniti
Channing Laboratory
Brigham and Women's Hospital
181 Longwood Avenue
Brookline, MA 02115
john.ziniti@channing.harvard.edu