[Zope] ZClass permissions

Tom Nixon tom.nixon@aim23.com
Thu, 14 Feb 2002 17:49:52 -0000 

Thanks for your help, Ross.

Here's the traceback. Are there any clues? I don't really understand
what I am looking at.

Traceback (innermost last):
  File C:\PROGRA~1\Zope\lib\python\ZPublisher\Publish.py, line 150, in
publish_module
  File C:\PROGRA~1\Zope\lib\python\ZPublisher\Publish.py, line 114, in
publish
  File C:\PROGRA~1\Zope\lib\python\Zope\__init__.py, line 158, in
zpublisher_exception_hook
    (Object: test)
  File C:\PROGRA~1\Zope\lib\python\ZPublisher\Publish.py, line 98, in
publish
  File C:\PROGRA~1\Zope\lib\python\ZPublisher\mapply.py, line 88, in
mapply
    (Object: editArticle)
  File C:\PROGRA~1\Zope\lib\python\ZPublisher\Publish.py, line 39, in
call_object
    (Object: editArticle)
  File C:\PROGRA~1\Zope\lib\python\OFS\DTMLMethod.py, line 127, in
__call__
    (Object: editArticle)
  File C:\PROGRA~1\Zope\lib\python\DocumentTemplate\DT_String.py, line
473, in __call__
    (Object: editArticle)
  File C:\PROGRA~1\Zope\lib\python\DocumentTemplate\DT_Util.py, line
153, in eval
    (Object: form.header())
    (Info: form)
  File C:\PROGRA~1\Zope\lib\python\AccessControl\DTML.py, line 29, in
guarded_getattr
    (Object: editArticle)
  File C:\PROGRA~1\Zope\lib\python\AccessControl\ZopeGuards.py, line 58,
in guarded_getattr
    (Object: test)
  File C:\PROGRA~1\Zope\lib\python\AccessControl\ZopeGuards.py, line 40,
in aq_validate
    (Object: test)
  File C:\PROGRA~1\Zope\lib\python\AccessControl\SecurityManager.py,
line 83, in validate
  File C:\PROGRA~1\Zope\lib\python\AccessControl\ZopeSecurityPolicy.py,
line 188, in validate
Unauthorized: (see above)

> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org] On 
> Behalf Of Ross Patterson
> Sent: 14 February 2002 16:59
> To: Tom Nixon
> Cc: zope@zope.org
> Subject: RE: [Zope] ZClass permissions
> 
> 
> Do this:
> 
> Make sure your authenticated as a manager, i.e. that you can 
> view the management pages.  THEN try and view the "Edit" 
> management tab of your instance and click cancel when it 
> prompts you for authentication. You'll then get an error page 
> with a traceback in the source for the page.  The dtml 
> traceback will tell you what method you call in your dtml is 
> causing the problem.  Then you can try calling that method 
> directly and you can use that traceback to see where in that 
> method the problem is.  Then you can look at the source for 
> that method, go to the line number given in the method 
> traceback, and that should give you an indication what in 
> your ZClass the method is trying to access that it can't.  
> Then you can fix the problem in the Define Permissions ZClass 
> management tab.
> 
> But that would be the precise way that takes longer but 
> yields a greater understanding.  You could just map 
> permissions to themselves in the Define Permissions tab one 
> by one until it works.
> 
> On Thu, 14 Feb 2002, Tom Nixon wrote:
> 
> > Hi Ross
> >
> > The method contains the following code, copied straight from the 
> > Formulator HOWTO. Any ideas what permissions need to be set, and 
> > where?
> >
> > <dtml-var standard_html_header>
> >
> >       <!-- show the header of the form, using 'Form action' and
> >         'Form method' form settings (<form action="..." 
> method="...">)
> >         -->
> >       <dtml-var "form.header()">
> >
> >       <!-- a simple table for layout purposes -->
> >       <table border="0">
> >
> >       <!-- get a list of all fields in the form -->
> >       <dtml-in "form.get_fields()">
> >       <!-- rename each sequence item to 'field' so they can
> >            be used more easily -->
> >       <dtml-let field=sequence-item>
> >
> >       <!-- each field will be on a line by itself -->
> >       <tr>
> >       <!-- display the title property of this field -->
> >       <td><dtml-var "field.get_value('title')"></td>
> >       <!-- render the field -->
> >       <td><dtml-var "field.render()"></td>
> >       </tr>
> >
> >       </dtml-let>
> >       </dtml-in>
> >
> >       <!-- the submit button -->
> >       <tr>
> >       <td><input type="submit" value=" OK "></td>
> >       </tr>
> >
> >       </table>
> >
> >       <!-- the form footer -->
> >       <dtml-var "form.footer()">
> >
> >       <dtml-var standard_html_footer>
> >
> >
> >
> > > -----Original Message-----
> > > From: Ross Patterson [mailto:rossp@ppc.ucsc.edu]
> > > Sent: 14 February 2002 16:13
> > > To: Tom Nixon
> > > Cc: zope@zope.org
> > > Subject: Re: [Zope] ZClass permissions
> > >
> > >
> > > I believe it depends on the actions the method is performing.  If 
> > > you look at (or post) the method actions, you can probably guess 
> > > what permission your zclass needs enabled. Then you can go to the 
> > > "Define Permissions" tab in your ZClass management screen 
> and enable 
> > > that permission, probably by mapping it to the very same 
> permission 
> > > in the list.
> > >
> > > On Thu, 14 Feb 2002, Tom Nixon wrote:
> > >
> > > > I have created a ZClass and a new View called "Edit" which
> > > displays a
> > > > DTML Method containing an automatically generated 
> Formulator form 
> > > > (both situated inside the ZClass).
> > > >
> > > > However when I create an instance of the ZClass then click
> > > the "edit"
> > > > view, I am prompted to enter my username and password.
> > > >
> > > > If I change the DTML method to a simple "Hello World"
> > > message it works
> > > > fine, so it seems to be something to do with the 
> Formulator form.
> > > >
> > > > Obviously there is a permission problem somewhere, but
> > > where should I
> > > > be looking?
> > > >
> > > > Zope Version  (Zope 2.5.0 (binary release, python 2.1, 
> win32-x86), 
> > > > python 2.1.2, win32) Python Version  2.1.2 (#31, Jan 15 2002,
> > > > 17:28:11) [MSC 32 bit (Intel)]
> > > >
> > > > System Platform  win32
> > > >
> > > > T.
> > > >
> > > >
> > > > _______________________________________________
> > > > Zope maillist  -  Zope@zope.org 
> > > > http://lists.zope.org/mailman/listinfo/zope
> > > > **   No cross posts or HTML encoding!  **
> > > > (Related lists -
> > > http://lists.zope.org/mailman/listinfo/zope-> announce
> > > >
> > > http://lists.zope.org/mailman/listinfo/zope-dev
> > > )
> > > >
> > >
> > > -----------------------------------------------------------------
> > > | Ross Patterson			rossp@cats.ucsc.edu	|
> > > | Programmer/Analyst			(831)459-2792	
> 	|
> > > | Physical Planning & Construction	
> Fax:(831)423-7436	|
> > > | UC Santa Cruz
> > > http:www2.ucsc.edu/ppc	|
> > > -----------------------------------------------------------------
> > >
> >
> >
> 
> -----------------------------------------------------------------
> | Ross Patterson			rossp@cats.ucsc.edu	|
> | Programmer/Analyst			(831)459-2792		|
> | Physical Planning & Construction	Fax:(831)423-7436	|
> | UC Santa Cruz				
> http:www2.ucsc.edu/ppc	|
> -----------------------------------------------------------------
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org 
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross 
> posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>