[Zope] NUXUserGroups Zope security

Sion Morris s.morris@bangor.ac.uk
Mon, 22 Jul 2002 10:03:39 +0100 

--Apple-Mail-1--370704289
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed

On Sunday, July 21, 2002, at 05:23  pm, Florent Guillaume wrote:

> In article <109986E0-983C-11D6-84BA-000393876536@bangor.ac.uk> you 
> write:
>> On Monday, July 15, 2002, at 10:38  pm, Chris Withers wrote:
>>> Sion Morris wrote:
>>>>
>>>> This is what I'm attempting to use here:
>>>>
>>>> group=context.acl_users.getGroupById('OMT') #where 'OMT' is the name 
>>>> of
>>>> the group.
>>>> users = group.getUsers()
>>>> return users
>>>>
>>>> except  an error is raised: "Error Value: You are not allowed to 
>>>> access
>>>> getUsers in this context"!
>>>
>>> Does the person executing this script have the 'Manage Users'
>>> permission? If
>>> not, have you tried giving the script a proxy role which has this
>>> permission?
>>
>> The script returns the same error when executed by a user with manager
>> role and when the script has the manager proxy role.
>>
>> I'm stumped.
>
> Can you try to add a
>     security.declareObjectProtected(ManageUsers)
> just after the
>     security = ClassSecurityInfo()
> in the BasicGroup class ? (in UserFolderWithGroups.py)
>
> Tell me if it works for you.

It doesn't make a different. I still get the same error.

I've also tried adding the declareObjectProtected on the Group class and 
that didn't work either.

Changing the security declaration for the getUsers method in class Group 
to security.declarePublic('getUsers') works as expected though.

Sion


--Apple-Mail-1--370704289
Content-Transfer-Encoding: 7bit
Content-Type: text/enriched;
	charset=US-ASCII

On Sunday, July 21, 2002, at 05:23  pm, Florent Guillaume wrote:


<excerpt>In article
<<109986E0-983C-11D6-84BA-000393876536@bangor.ac.uk> you write:

<excerpt>On Monday, July 15, 2002, at 10:38  pm, Chris Withers wrote:

<excerpt>Sion Morris wrote:

<excerpt>

This is what I'm attempting to use here:


group=context.acl_users.getGroupById('OMT') #where 'OMT' is the name of

the group.

users = group.getUsers()

return users


except  an error is raised: "Error Value: You are not allowed to access

getUsers in this context"!

</excerpt>

Does the person executing this script have the 'Manage Users' 

permission? If

not, have you tried giving the script a proxy role which has this 

permission?

</excerpt>

The script returns the same error when executed by a user with manager 

role and when the script has the manager proxy role.


I'm stumped.

</excerpt>

Can you try to add a

    security.declareObjectProtected(ManageUsers)

just after the

    security = ClassSecurityInfo()

in the BasicGroup class ? (in UserFolderWithGroups.py)


Tell me if it works for you.

</excerpt>

It doesn't make a different. I still get the same error.


I've also tried adding the
<color><param>0000,0000,DEDE</param>declareObjectProtected on the
Group class and that didn't work either.</color>


Changing the security declaration for the getUsers method in class
Group to security.declarePublic('getUsers') works as expected though.


Sion



--Apple-Mail-1--370704289--