[Zope] zope 2.7: Unauthorized "in this context"

John Hunter jdhunter at ace.bsd.uchicago.edu
Tue Jun 7 10:52:38 EDT 2005


I recently upgraded my zope server to 2.7 and a product I wrote which
makes heavy use of Z-Classes is now broken.  This is a workflow site
for a course, and there are Course, Section, Student,
ProjectSubmission, etc as ZClasses.  To view the page at all students
undergo basic authentication.  When students want to submit some
homework (the have the "Add Project Submissions" Class Permission)
they click on a link like the following for the ProjectSubmission add
form

http://myserver.com/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm?project_id=A%20Proj&student_id=J%20Hunter

Where "J Hunter" is the Student, "S1" is the Section and "A Proj" is
the ProjectSubmission.  This was working fine until the upgrade, the
link took them to the ProjectSubmission_addForm and they could add
their submission.  After the upgrade, now they get another
authentication dialog box and after reentering their username and
password, they get the dialog box again, and then if they hit cancel
they get (verbose info below)


Traceback (innermost last):

    * Module ZPublisher.Publish, line 101, in publish
    * Module ZPublisher.mapply, line 88, in mapply
    * Module ZPublisher.Publish, line 39, in call_object
    * Module OFS.DTMLMethod, line 130, in __call__
      <DTMLMethod instance at 4128fef0>
      URL: http://srp.uchicago.edu/2005/Sections/B1/Amrita%20Arora/ProjectSubmission_addForm/manage_main
      Physical Path:/srp/2005/Sections/B1/Amrita Arora/ProjectSubmission_addForm
    * Module DocumentTemplate.DT_String, line 474, in __call__
    * Module DocumentTemplate.DT_With, line 76, in render

Unauthorized: You are not allowed to access 'mentor' in this context


"mentor" is a field in the StudentPropertySheet.
 
Interestingly, the same result occurs even if I enter a manager or
site-root username/password in the authentication dialog box.

I googled for the error message and found

  http://mail.zope.org/pipermail/zope-dev/2004-January/021501.html

Based on my read of this, I tried adding the "Manager" proxy role to
ProjectSubmission_addForm but this did not help.

Any ideas?  The add form and the verbose traceback are included below.
As I say, all was working fine until a server upgrade so I suspect
there is a recent zope feature that I am not handling properly.


Thanks,
JDH

Here is  DTML Method ProjectSubmission_addForm


<dtml-comment> -*- mode: dtml; dtml-top-element: "body" -*- </dtml-comment>
<dtml-var standard_html_header>

<dtml-with site_params_py mapping>
  <form action="ProjectSubmission_add_py" 
	method="post" enctype="multipart/form-data">
    <table <dtml-var form_table_params>>

      <dtml-var "form_table_header_dtml(_.None, _, 
	caption='Enter project submission information', num_columns=2)">

        <dtml-comment>

	<tr>
          <th <dtml-var form_table_th>>Email</th>
	  <td><input size=50 name="email" value="<dtml-var email>"></td>
        </tr>
</dtml-comment>


	<tr>
          <th <dtml-var form_table_th>>Mentor</th>
	  <td><input size=50 name="mentor" value="<dtml-var mentor>"></td>
        </tr>

	<tr>
          <th <dtml-var form_table_th>>Mentor email</th>
	  <td><input size=50 name="mentor_email" value="<dtml-var mentor_email>"></td>
        </tr>


	<tr>
          <th <dtml-var form_table_th>>File</th>
	  <td><input size=60 type="file" name="file_data"></td>
        </tr>

	<tr>
            <th <dtml-var form_table_th>>Title:</th>
	    <td><TEXTAREA WRAP="virtual" NAME="submission_title" 
		  ROWS=2 COLS=80 tabindex=1></TEXTAREA></td>
        </tr>

	<tr> 
            <th <dtml-var form_table_th>>Synopsis:</th>
	    <td><TEXTAREA WRAP="virtual" NAME="description" 
		  ROWS=10 COLS=80 tabindex=1></TEXTAREA></td>
        </tr>

	<tr>
            <th colspan=2 align=center>
            <input type="submit"  value="Upload Submission"></th>
        </tr>

      <dtml-comment>
	Note:hidden must come last, right before the </form> tag
      </dtml-comment>
      <input type="hidden" value="<dtml-var project_id>"
	     name="project_id">
      <input type="hidden" value="<dtml-var student_id>"
	     name="student_id">

      <input type="hidden" value=<dtml-var "REQUEST.get('REMOTE_ADDR')"> 
             name="remote_address" >


   </form>
</table>
<br><br>

</dtml-with>

<br><br>
<dtml-var standard_html_footer>





Time  	2005/06/07 09:54:55 GMT-5
User Name (User Id) 	student (student)
Request URL 	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm
Exception Type 	Unauthorized
Exception Value 	You are not allowed to access 'mentor' in this context

Traceback (innermost last):

    * Module ZPublisher.Publish, line 101, in publish
    * Module ZPublisher.mapply, line 88, in mapply
    * Module ZPublisher.Publish, line 39, in call_object
    * Module OFS.DTMLMethod, line 130, in __call__
      <DTMLMethod instance at 411fb740>
      URL: http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/ProjectSubmission_addForm/manage_main
      Physical Path:/srp/jdh/Sections/S1/J Hunter/ProjectSubmission_addForm
    * Module DocumentTemplate.DT_String, line 474, in __call__
    * Module DocumentTemplate.DT_With, line 76, in render

Unauthorized: You are not allowed to access 'mentor' in this context

Display traceback as text

REQUEST
form
student_id	'J Hunter'
project_id	'A Proj'
cookies
tree-s	'eJzTyCkw5NLIKTDiClZ3hANPW3WuAmOuRKCECUjWFEU2EiRrBpY1B8laoMimg2QtwbKGBiBpQ0MkeeMgV5C8oRFXIhiA5I2R5bNDwfImEANMwQaYIRQ4hbnngxWYQw3QAwBNLzCv'
__cp	'x%DA%D3%60b%60%60%C8%04b%86hF%20%A1%C1%02%24%8AA%DCbf%10QTP%0C%121200-%E6%03%09d%96%A4%C6%17%24%16%25%E6%16%C7%17T%02%00%D9w%0A%F9'
_ZopeId	'88234626A13Ni1oME3c'
lazy items
SESSION	<bound method SessionDataManager.getSessionData of <SessionDataManager instance at 411e6ad0>>
other
URL5	'http://bace.bsd.uchicago.edu/srp/jdh/Sections'
URL4	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1'
URL7	'http://bace.bsd.uchicago.edu/srp'
URL6	'http://bace.bsd.uchicago.edu/srp/jdh'
URL3	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter'
URL2	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct'
URL8	'http://bace.bsd.uchicago.edu'
AUTHENTICATED_USER	student
SERVER_URL	'http://bace.bsd.uchicago.edu'
AUTHENTICATION_PATH	'srp/jdh'
URL	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm'
BASE9	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm'
PUBLISHED	<DTMLMethod instance at 411fb740>
TraversalRequestNameStack	[]
BASE1	'http://bace.bsd.uchicago.edu'
BASE2	'http://bace.bsd.uchicago.edu/srp'
BASE3	'http://bace.bsd.uchicago.edu/srp/jdh'
BASE4	'http://bace.bsd.uchicago.edu/srp/jdh/Sections'
BASE5	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1'
BASE6	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter'
BASE7	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct'
BASE8	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course'
URL1	'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course'
URL0	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm
URL1	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course
URL2	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct
URL3	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter
URL4	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1
URL5	http://bace.bsd.uchicago.edu/srp/jdh/Sections
URL6	http://bace.bsd.uchicago.edu/srp/jdh
URL7	http://bace.bsd.uchicago.edu/srp
URL8	http://bace.bsd.uchicago.edu
BASE0	http://bace.bsd.uchicago.edu
BASE1	http://bace.bsd.uchicago.edu
BASE2	http://bace.bsd.uchicago.edu/srp
BASE3	http://bace.bsd.uchicago.edu/srp/jdh
BASE4	http://bace.bsd.uchicago.edu/srp/jdh/Sections
BASE5	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1
BASE6	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter
BASE7	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct
BASE8	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course
BASE9	http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm
environ
HTTP_COOKIE	'tree-s="eJzTyCkw5NLIKTDiClZ3hANPW3WuAmOuRKCECUjWFEU2EiRrBpY1B8laoMimg2QtwbKGBiBpQ0MkeeMgV5C8oRFXIhiA5I2R5bNDwfImEANMwQaYIRQ4hbnngxWYQw3QAwBNLzCv"; _ZopeId="88234626A13Ni1oME3c"; __cp="x%DA%D3%60b%60%60%C8%04b%86hF%20%A1%C1%02%24%8AA%DCbf%10QTP%0C%121200-%E6%03%09d%96%A4%C6%17%24%16%25%E6%16%C7%17T%02%00%D9w%0A%F9"'
SERVER_SOFTWARE	'Zope/(Zope 2.7.3-0, python 2.3.4, linux2) ZServer/1.1'
SCRIPT_NAME	''
REQUEST_METHOD	'GET'
HTTP_KEEP_ALIVE	'300'
SERVER_PROTOCOL	'HTTP/1.1'
QUERY_STRING	'project_id=A%20Proj&student_id=J%20Hunter'
channel.creation_time	1118156005
CONNECTION_TYPE	'keep-alive'
HTTP_ACCEPT_CHARSET	'ISO-8859-1,utf-8;q=0.7,*;q=0.7'
HTTP_USER_AGENT	'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4'
HTTP_REFERER	'http://bace.bsd.uchicago.edu/srp/jdh'
SERVER_NAME	'render.bsd.uchicago.edu'
REMOTE_ADDR	'128.135.90.133'
PATH_TRANSLATED	'/srp/jdh/Sections/S1/J Hunter/manage_addProduct/Course/ProjectSubmission_addForm'
SERVER_PORT	'80'
HTTP_HOST	'bace.bsd.uchicago.edu'
HTTP_ACCEPT	'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5'
GATEWAY_INTERFACE	'CGI/1.1'
HTTP_ACCEPT_LANGUAGE	'en-us,en;q=0.5'
HTTP_ACCEPT_ENCODING	'gzip,deflate'
PATH_INFO


More information about the Zope mailing list