[Zope] security changes from 2.5 -> 2.6?
Rob Miller
ra@burningman.com
Sun, 2 Mar 2003 19:21:19 -0800

hi there,

i'm trying to migrate a plone project from zope 2.5.1 to zope 2.6.1.
the app relies heavily on database driven local roles information, for
which we're using zpatterns and loginmanager.

so we've created these custom plone folders called 'teamfolders'.
these folders are dataskins, and they override get_local_roles() and
get_local_roles_for_userid(), returning the appropriate responses based
on the team membership information that is in the database. similarly,
in our user class, we've overridden getRolesInContext().

in zope 2.5.1 this all works beautifully. zope recognizes the local
roles and allows access accordingly. even the 'local_roles' link on
the security tab still works, although it doesn't allow you to delete
the local roles that originate from the database.

when i import my product into 2.6.1, however, things don't work as
smoothly. everything looks like it should work... the local roles page
still displays the right information. a test page that i've written
consistently displays the expected results for here.get_local_roles()
and here.get_local_roles_for_userid(), as well as
user.getRolesInContext(). but zope doesn't allow the access based on
this information. that is, even when 'teammember' is showing up on the
user's local roles list, zope isn't allowing the user to perform
actions that should be allowed to 'teammember'.

has something changed within zope's security implementation? is there
a new method that needs to be overridden that i don't know about? does
anyone have any other ideas why this might be happening? i've searched
on the zope.org site and the mailing lists to no avail... any info
anyone can provide would be greatly appreciated!

thanks!
-r