[Zope] Re: Problem adding ZClass after upgrade to 2.7

Dieter Maurer dieter at handshake.de
Thu Nov 18 14:08:56 EST 2004


Anthu Nguyen wrote at 2004-11-17 13:16 -0800:
> ...
>*Unauthorized*
> ...
>    * Module OFS.DTMLMethod, line 123, in __call__
>      *<DTMLMethod instance at ddfe30>*
>      *URL: http://nwsops38.sfbay/header/manage_main*
>      *Physical Path:*/header
>    * Module DocumentTemplate.DT_String, line 474, in __call__
>    * Module DocumentTemplate.DT_In, line 703, in renderwob
>    * Module DocumentTemplate.DT_With, line 76, in render
>    * Module Products.VerboseSecurity.VerboseSecurityPolicy, line 151,
>      in validate
>
>Unauthorized: The container has no security assertions. Access to
>'title_or_id' of (FactoryDispatcher instance at e68510) denied. (Also,
>an error occurred while attempting to render the standard error message.)

This is very strange:

  It is true that a "FactoryDispatcher"
  ("App.FactoryDispatcher.FactoryDispatcher") does not have
  security assertions. But usually, it does not have a
  "title_or_id" either. Therefore, it should not be relevant
  with respect to "title_or_id" access that it lacks security assertions.

  Maybe, it is a bug introduced with the security tighening introduced
  in Zope 2.7.3 (there was some discussion about such a bug in the
  mailing list (zope-dev, I think)).

You can try to add a "__role__ = None"
and maybe a "__allow_access_to_unprotected_subobjects__ = 1"
to the "FactoryDispatcher" class (--> "App/FactoryDispatcher.py")
to see whether the problem disappears.
These two attributes will provide security assertions for the
factory.


Your "header/manage_main" DTML Method seems a bit strange, too.
Why does it use a "dtml-in" and in it a "dtml-with" and in it
access to "title_or_id". This is somewhat unexpected in the
add form of a ZClass.

-- 
Dieter


More information about the Zope mailing list