[Zope] Re: ZClasses and Permissions (Zope Collector 444)

[Dieter Maurer]

Please stay on the mailing list!

  I do not want to become a private consultant!

Brent Hendricks writes:
 > ...
 > The situation is this:  My ZClass contains a script (called renameFiles) 
 > that calls manage_renameObjects.  I'd like anyone who can View that 
 > script to be able to run it correctly. I first tried setting a proxy 
 > role of Manager on the script, but that didn't work.
The reason is almost surely a bug in "manage_pasteObject". It does not
honour "execution permissions" such as proxy roles.

 > Digging into the 
 > Zope code a bit, I discovered that manage_renameObjects falls under the 
 > "View management screens" permission,
Almost surely, your problem is not caused by a missing permission
on "manage_renameObjects" itself, but inside "manage_pasteObjects".
Cancel the browser login dialog and look at the traceback.
Where does the exception come from?

 > so I mapped that permission to 
 > "View" on the the ZClass "Define Permission" tab (ie.  View Management 
The "Define Permission" tab in the ZClass itself is ineffective.
It should be removed. I expect this is "Collector 444").

 > Screens in the left column, and View in the right).  This, however, also 
 > failed to work.  Next I tried doing the mapping on the "Security" tab of 
 > the script itself.  No go.
This may be able to map "View management screens" such that you can
access "manage_renameObjects", but probably "manage_pasteObjects"
still fails because the necessary permission (create permission)
is checked on the target ObjectManager.

Please check what access is really denied to you (as described above).

 > What is the "correct" thing to do?
Find out, what the real problem is.

Then, we can think about it again.


Dieter