[Zope] Sudden authentication problem

Dieter Maurer dieter@handshake.de
Fri, 30 Mar 2001 22:50:13 +0200 (CEST)


Dunigan, Craig writes:
 > ....
 > Users login with this DTML method:
 > 
 > <dtml-let userid="REQUEST['AUTHENTICATED_USER'].getUserName()">
 > <dtml-call expr="RESPONSE.redirect('/base/People/' + _['userid'])">
 > </dtml-let>
 > 
 > which forces a login and points them to their home folders, in a folder
 > called "People."
We do not see that a login is forced.
But are you sure it is?

 > ....
 >     (Object: Catalog({'meta_type':'Yihaw Folder'}))
 >   File /opt/Zope/ZopeInst/lib/python/DocumentTemplate/DT_Util.py, line 334,
 > in eval
 >     (Object: REQUEST['AUTHENTICATED_USER'].has_permission('Add EW Nav
 > Links', REQUEST.resolve_url(BASE0+getpath(data_record_id_))))
 >     (Info: BASE0)
 >   File <string>, line 0, in ?
 >   File /opt/Zope/ZopeInst/lib/python/ZPublisher/HTTPRequest.py, line 724, in
 > resolve_url
 > Unauthorized: (see above)
Your catalog contains something that cannot be accessed by your user.

 > ...
 > But from this, I read that AUTHENTICATED USER doesn't have the permission
 > 'Add EW Nav Links' (our own concoction, obviously)
I do not think so.
"Add EW Nav Links" is the permission that you want to test for.
But the "Unauthorized" exception is already raised when
the catalogued object is looked up.
I do not know precisely how "resolve_url" works.
Maybe it checks access rights on its way down to the object.
Then, a folder to the object may not be accessible for your
user.

 > lacks that permission in 'BASE0+getpath(data_record_id),'  which I presume
 > evaluates to the current folder?  Each user has a local role of Manager in
 > his/her own folder, which I thought is what the current folder would be.
Do you have a catalog in each of these folders or is there a
global catalog? With a global catalog, it is well possible
that it contains something inaccessible for some users.


Dieter