[Zope] Scripts and permissions
Dieter Maurer
dieter@handshake.de
Thu, 9 Jan 2003 23:26:13 +0100
Timo Weggen wrote at 2003-1-9 11:19 +0100:
> hello, this is my first post this list.
> Im am using:
> (Zope 2.5.0 (source release, python 2.1, linux2) [SuSE Linux], python 2.2.0, linux2)
> and have the following question:
>
> Given that folder hierarchy:
> root
> +my_domain
> +scripts
> +generate_link (Python script)
> +projects
> +fooproject
> +index_html (DTML document)
> where everything but my_domain/p rojects/fooproject/index_html
> is owned by admin, only my_domain/projects/fooproject/index_html
> is owned by some standard user (Authenticated role).
Ownership is essential only in the second place.
The permissions and roles are more essential.
> ...
> Error Type: Unauthorized
> Error Value: You are not allowed to access devserv_link in this context
> ...
> Traceback
> ...
> File /opt/zope/lib/python/OFS/DTMLMethod.py, line 151, in validate (Object: index_html) Unauthorized: You are not allowed to access generate_link in this context
This error message looks a bit confusing.
Above, "devserv_link" access is unauthorized, below its "generate_link".
Are you sure, that you got really this message?
(Tracebacks usually have embedded newslines, unlike in your quotation)
> Every folder has at least View and Access contents information set.
... granting access for the user for whom the access was denied?
Where (in what "acl_users") is the user defined.
It can access non public objects only in the subhierarchy governed
by this "acl_users".
> What else can be required?
> (The script call even fails if it only consists of return "foo")
You can try Shane's product "VerboseSecurity". It
facilitates analysis of authorzation problems.
Dieter