[Zope] Problems with assigning proxy roles to a python script
Geir Bækholt
Geir Bækholt
Sat, 21 Jun 2003 20:12:18 +0200
On Sat, 21 Jun 2003 18:00:11 +0100 GMT (..19:00 where i live(GMT+2) )
Matt Patterson asked the Zope mailinglist about the following:
> Hello,
> I've been working on my first major project with Zope and I need to
> allow members of the public to register with the site (which gets them
> an entry in acl_users, and a very restricted role).
> I know that I need to use a proxy role to make the script work - giving=
> it manage users privileges. I created a role, adduser, which only had
> the 'manage users' privilege. When I tried to assign this role as a
> proxy role to the add-a-user script I got the following error:
> You are not authorized to change addUserScript because you do not have
> proxy roles. (Also, an error occurred while attempting to render the
> standard error message.)
That error message is not very well-worded. It really means that
*you*, the user assigning the proxy-role cannot assign roles you don't
have yourself.
So, if you set your manager-user up with the "adduser" role, you can
freely asssign adduser-proxies whereever you like.
but there is no danger related to assigning the "manager" role to the
script if no non-managers are allowed to edit it.
You can read more about roles and proxies here :
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx
:)
--
Geir Bækholt