[Zope] user account defined outside context of object being
accessed
Kees de Brabander
cj.de.brabander at hccnet.nl
Fri Dec 16 03:16:39 EST 2005
----- Original Message -----
From: "Dieter Maurer" <dieter at handshake.de>
To: "Kees de Brabander" <cj.de.brabander at hccnet.nl>
Cc: <zope at zope.org>
Sent: Thursday, December 15, 2005 5:54 PM
Subject: Re: [Zope] user account defined outside context of object being
accessed
> Kees de Brabander wrote at 2005-12-13 22:40 +0100:
> > ...
> > Module AccessControl.ImplPython, line 449, in validate
> > Module AccessControl.ImplPython, line 774, in raiseVerbose
> >Unauthorized: Your user account is defined outside the context of the
object
> >being accessed. Access to 'f1_index' of (Folder at /f1), acquired
through
> >(Folder at /f1/f11/f111), denied. Your user account, user1, exists at
> >/f1/f11/acl_users. Access requires one of the following roles:
> >['Authenticated', 'Manager', 'Owner', 'student'].
>
> A user defined in "/f1/f11/acl_users" tries to access the protected
> "/f1/f1_index". This is not allowed by Zope security system:
> a user defined in a user folder can only access protected objects
> "governed" by this user folder.
>
> In your case, all objects at or below "/f1/f11" is governed by
> your user folder ("/f1/f11/acl_users"). "/f1/f1_index" does not lie
> within this hierarchy and is therefore not governed.
I am painfully aware now that this is the case, at least starting from zope
2.7.8. I have not tested all versions of zope, but at least up to 2.7.3 zope
had no problem with such a set up.
More information about the Zope
mailing list