[Zope] Re: Problem adding ZClass after upgrade to 2.7
Dieter Maurer
dieter at handshake.de
Thu Nov 18 14:08:56 EST 2004
Anthu Nguyen wrote at 2004-11-17 13:16 -0800:
> ...
>*Unauthorized*
> ...
> * Module OFS.DTMLMethod, line 123, in __call__
> *<DTMLMethod instance at ddfe30>*
> *URL: http://nwsops38.sfbay/header/manage_main*
> *Physical Path:*/header
> * Module DocumentTemplate.DT_String, line 474, in __call__
> * Module DocumentTemplate.DT_In, line 703, in renderwob
> * Module DocumentTemplate.DT_With, line 76, in render
> * Module Products.VerboseSecurity.VerboseSecurityPolicy, line 151,
> in validate
>
>Unauthorized: The container has no security assertions. Access to
>'title_or_id' of (FactoryDispatcher instance at e68510) denied. (Also,
>an error occurred while attempting to render the standard error message.)

This is very strange:

It is true that a "FactoryDispatcher"
("App.FactoryDispatcher.FactoryDispatcher") does not have
security assertions. But usually, it does not have a
"title_or_id" either. Therefore, it should not be relevant
with respect to "title_or_id" access that it lacks security assertions.

Maybe, it is a bug introduced with the security tightening introduced
in Zope 2.7.3 (there was some discussion about such a bug in the
mailing list (zope-dev, I think)).

You can try to add a "__role__ = None"
and maybe a "__allow_access_to_unprotected_subobjects__ = 1"
to the "FactoryDispatcher" class (--> "App/FactoryDispatcher.py")
to see whether the problem disappears.
These two attributes will provide security assertions for the
factory.

Your "header/manage_main" DTML Method seems a bit strange, too.
Why does it use a "dtml-in" and in it a "dtml-with" and in it
access to "title_or_id"? This is somewhat unexpected in the
add form of a ZClass.

--
Dieter