[Zope] Calling script from script inside protected folder

Dylan Reinhardt Dylan@DylanReinhardt.com
Wed, 16 Oct 2002 00:23:47 -0700


The theory I'd try first is that the called script may be attempting to do 
something that Player permissions are not approved for.

Oddly enough, it's possible to grant permissions to Anonymous but still 
withhold them from groups that require authentication.  I'd double-check 
the permissions for any objects called by the second script to see if 
you've granted Anonymous permission without granting Player permission.

It's also possible that the called script may not have its permissions set 
to acquire settings from the parent folder.  Sounds like you would have 
noticed, though.

If time is short, an easy way to fix the problem is to grant the calling 
script the Manager proxy role.  But you only want to do that if you're 
certain that it's safe for all things done by the scripts to be done in 
that context.

Hope that helps...

Dylan

At 05:18 AM 10/16/2002 +0300, you wrote:
>I have Player role in my site, and Member folder, protected by the 
>following permissions:
>
>View
>[ ]Acquire
>[ ]Anonymous [x]Authenticated [x]Manager [x]Owner [x]Player
>
>Everything behaves like expected but if being Player (having roles 
>"Authenticated" and "Player" only) I am call Python Script from another 
>Python Script (both are located inside this protected folder), my browser 
>pops up Login Dialog and everything works only if I authenticate myself as 
>Manager or if I allow Anonymous to "View" this Python Script.
>
>Call looks like:
>
>user = context.Member.get_userdata()
>
>First thoughts were that I am not passing REQUEST or another security 
>related token to second script (get_userdata in this case). If I get 
>inside there (allowing Anonymous to View it), I am still having "Player" 
>role and none of security tokens lost, but I can't even access this second 
>script if it hasn't "Anonymous" View permission.
>
>Please tell me where I am wrong. This is black voodoo compared in 
>complexity with manual sendmail setup. URLs on Zope Security model 
>overview may also help.
>
>--
>Dmitry
>
>
>
>_______________________________________________
>Zope maillist  -  Zope@zope.org
>http://lists.zope.org/mailman/listinfo/zope
>**   No cross posts or HTML encoding!  **
>(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
>http://lists.zope.org/mailman/listinfo/zope-dev )