[Zope] users can't edit own pages

Ian McMeans imcmeans@shaw.ca
Thu, 30 May 2002 14:47:44 -0700


Hi, I'm getting an odd security issue. I imagine it comes from
misconfiguring something, because what is happening isn't the default
behavior.

I'm using CMF with plone. The issue is that users can't edit their own
pages. Each user has a folder in /Members, and the default page that plone
(or CMF?) generates for them is in their personal folder. They own that
default page as well as their /Members/name folder, but they aren't allowed
to modify either.

When I log in as a user and try to go into the editing view (at
/Members/membername/folder_contents), I get the error:
Unauthorized: You are not allowed to access listFolderContents in this
context

A few lines up the stacktrace, there is:
File C:\PROGRA~1\zope250\lib\python\Products\PageTemplates\ZRPythonExpr.py,
line 49, in __call__
    (Info: here.listFolderContents( contentFilter=filter))
  File Python expression "here.listFolderContents( contentFilter=filter)",
line 2, in f

Now, I can explicity allow them to list folder contents by settings the
security permissions (I have to enable listing for everyone in this case).
However, this seems to be hiding the real problem, and I don't know what
that problem is. Also, I don't want to have to enable every security setting
in /Members just to allow the users to modify their personal pages.