[Zope] zope 2.7: Unauthorized "in this context"
John Hunter
jdhunter at ace.bsd.uchicago.edu
Tue Jun 7 10:52:38 EDT 2005
I recently upgraded my zope server to 2.7 and a product I wrote which
makes heavy use of Z-Classes is now broken. This is a workflow site
for a course, and there are Course, Section, Student,
ProjectSubmission, etc as ZClasses. To view the page at all students
undergo basic authentication. When students want to submit some
homework (the have the "Add Project Submissions" Class Permission)
they click on a link like the following for the ProjectSubmission add
form
http://myserver.com/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm?project_id=A%20Proj&student_id=J%20Hunter
Where "J Hunter" is the Student, "S1" is the Section and "A Proj" is
the ProjectSubmission. This was working fine until the upgrade, the
link took them to the ProjectSubmission_addForm and they could add
their submission. After the upgrade, now they get another
authentication dialog box and after reentering their username and
password, they get the dialog box again, and then if they hit cancel
they get (verbose info below)
Traceback (innermost last):
* Module ZPublisher.Publish, line 101, in publish
* Module ZPublisher.mapply, line 88, in mapply
* Module ZPublisher.Publish, line 39, in call_object
* Module OFS.DTMLMethod, line 130, in __call__
<DTMLMethod instance at 4128fef0>
URL: http://srp.uchicago.edu/2005/Sections/B1/Amrita%20Arora/ProjectSubmission_addForm/manage_main
Physical Path:/srp/2005/Sections/B1/Amrita Arora/ProjectSubmission_addForm
* Module DocumentTemplate.DT_String, line 474, in __call__
* Module DocumentTemplate.DT_With, line 76, in render
Unauthorized: You are not allowed to access 'mentor' in this context
"mentor" is a field in the StudentPropertySheet.
Interestingly, the same result occurs even if I enter a manager or
site-root username/password in the authentication dialog box.
I googled for the error message and found
http://mail.zope.org/pipermail/zope-dev/2004-January/021501.html
Based on my read of this, I tried adding the "Manager" proxy role to
ProjectSubmission_addForm but this did not help.
Any ideas? The add form and the verbose traceback are included below.
As I say, all was working fine until a server upgrade so I suspect
there is a recent zope feature that I am not handling properly.
Thanks,
JDH
Here is DTML Method ProjectSubmission_addForm
<dtml-comment> -*- mode: dtml; dtml-top-element: "body" -*- </dtml-comment>
<dtml-var standard_html_header>
<dtml-with site_params_py mapping>
<form action="ProjectSubmission_add_py"
method="post" enctype="multipart/form-data">
<table <dtml-var form_table_params>>
<dtml-var "form_table_header_dtml(_.None, _,
caption='Enter project submission information', num_columns=2)">
<dtml-comment>
<tr>
<th <dtml-var form_table_th>>Email</th>
<td><input size=50 name="email" value="<dtml-var email>"></td>
</tr>
</dtml-comment>
<tr>
<th <dtml-var form_table_th>>Mentor</th>
<td><input size=50 name="mentor" value="<dtml-var mentor>"></td>
</tr>
<tr>
<th <dtml-var form_table_th>>Mentor email</th>
<td><input size=50 name="mentor_email" value="<dtml-var mentor_email>"></td>
</tr>
<tr>
<th <dtml-var form_table_th>>File</th>
<td><input size=60 type="file" name="file_data"></td>
</tr>
<tr>
<th <dtml-var form_table_th>>Title:</th>
<td><TEXTAREA WRAP="virtual" NAME="submission_title"
ROWS=2 COLS=80 tabindex=1></TEXTAREA></td>
</tr>
<tr>
<th <dtml-var form_table_th>>Synopsis:</th>
<td><TEXTAREA WRAP="virtual" NAME="description"
ROWS=10 COLS=80 tabindex=1></TEXTAREA></td>
</tr>
<tr>
<th colspan=2 align=center>
<input type="submit" value="Upload Submission"></th>
</tr>
<dtml-comment>
Note:hidden must come last, right before the </form> tag
</dtml-comment>
<input type="hidden" value="<dtml-var project_id>"
name="project_id">
<input type="hidden" value="<dtml-var student_id>"
name="student_id">
<input type="hidden" value=<dtml-var "REQUEST.get('REMOTE_ADDR')">
name="remote_address" >
</form>
</table>
<br><br>
</dtml-with>
<br><br>
<dtml-var standard_html_footer>
Time 2005/06/07 09:54:55 GMT-5
User Name (User Id) student (student)
Request URL http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm
Exception Type Unauthorized
Exception Value You are not allowed to access 'mentor' in this context
Traceback (innermost last):
* Module ZPublisher.Publish, line 101, in publish
* Module ZPublisher.mapply, line 88, in mapply
* Module ZPublisher.Publish, line 39, in call_object
* Module OFS.DTMLMethod, line 130, in __call__
<DTMLMethod instance at 411fb740>
URL: http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/ProjectSubmission_addForm/manage_main
Physical Path:/srp/jdh/Sections/S1/J Hunter/ProjectSubmission_addForm
* Module DocumentTemplate.DT_String, line 474, in __call__
* Module DocumentTemplate.DT_With, line 76, in render
Unauthorized: You are not allowed to access 'mentor' in this context
Display traceback as text
REQUEST
form
student_id 'J Hunter'
project_id 'A Proj'
cookies
tree-s 'eJzTyCkw5NLIKTDiClZ3hANPW3WuAmOuRKCECUjWFEU2EiRrBpY1B8laoMimg2QtwbKGBiBpQ0MkeeMgV5C8oRFXIhiA5I2R5bNDwfImEANMwQaYIRQ4hbnngxWYQw3QAwBNLzCv'
__cp 'x%DA%D3%60b%60%60%C8%04b%86hF%20%A1%C1%02%24%8AA%DCbf%10QTP%0C%121200-%E6%03%09d%96%A4%C6%17%24%16%25%E6%16%C7%17T%02%00%D9w%0A%F9'
_ZopeId '88234626A13Ni1oME3c'
lazy items
SESSION <bound method SessionDataManager.getSessionData of <SessionDataManager instance at 411e6ad0>>
other
URL5 'http://bace.bsd.uchicago.edu/srp/jdh/Sections'
URL4 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1'
URL7 'http://bace.bsd.uchicago.edu/srp'
URL6 'http://bace.bsd.uchicago.edu/srp/jdh'
URL3 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter'
URL2 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct'
URL8 'http://bace.bsd.uchicago.edu'
AUTHENTICATED_USER student
SERVER_URL 'http://bace.bsd.uchicago.edu'
AUTHENTICATION_PATH 'srp/jdh'
URL 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm'
BASE9 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm'
PUBLISHED <DTMLMethod instance at 411fb740>
TraversalRequestNameStack []
BASE1 'http://bace.bsd.uchicago.edu'
BASE2 'http://bace.bsd.uchicago.edu/srp'
BASE3 'http://bace.bsd.uchicago.edu/srp/jdh'
BASE4 'http://bace.bsd.uchicago.edu/srp/jdh/Sections'
BASE5 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1'
BASE6 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter'
BASE7 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct'
BASE8 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course'
URL1 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course'
URL0 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm
URL1 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course
URL2 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct
URL3 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter
URL4 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1
URL5 http://bace.bsd.uchicago.edu/srp/jdh/Sections
URL6 http://bace.bsd.uchicago.edu/srp/jdh
URL7 http://bace.bsd.uchicago.edu/srp
URL8 http://bace.bsd.uchicago.edu
BASE0 http://bace.bsd.uchicago.edu
BASE1 http://bace.bsd.uchicago.edu
BASE2 http://bace.bsd.uchicago.edu/srp
BASE3 http://bace.bsd.uchicago.edu/srp/jdh
BASE4 http://bace.bsd.uchicago.edu/srp/jdh/Sections
BASE5 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1
BASE6 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter
BASE7 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct
BASE8 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course
BASE9 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm
environ
HTTP_COOKIE 'tree-s="eJzTyCkw5NLIKTDiClZ3hANPW3WuAmOuRKCECUjWFEU2EiRrBpY1B8laoMimg2QtwbKGBiBpQ0MkeeMgV5C8oRFXIhiA5I2R5bNDwfImEANMwQaYIRQ4hbnngxWYQw3QAwBNLzCv"; _ZopeId="88234626A13Ni1oME3c"; __cp="x%DA%D3%60b%60%60%C8%04b%86hF%20%A1%C1%02%24%8AA%DCbf%10QTP%0C%121200-%E6%03%09d%96%A4%C6%17%24%16%25%E6%16%C7%17T%02%00%D9w%0A%F9"'
SERVER_SOFTWARE 'Zope/(Zope 2.7.3-0, python 2.3.4, linux2) ZServer/1.1'
SCRIPT_NAME ''
REQUEST_METHOD 'GET'
HTTP_KEEP_ALIVE '300'
SERVER_PROTOCOL 'HTTP/1.1'
QUERY_STRING 'project_id=A%20Proj&student_id=J%20Hunter'
channel.creation_time 1118156005
CONNECTION_TYPE 'keep-alive'
HTTP_ACCEPT_CHARSET 'ISO-8859-1,utf-8;q=0.7,*;q=0.7'
HTTP_USER_AGENT 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4'
HTTP_REFERER 'http://bace.bsd.uchicago.edu/srp/jdh'
SERVER_NAME 'render.bsd.uchicago.edu'
REMOTE_ADDR '128.135.90.133'
PATH_TRANSLATED '/srp/jdh/Sections/S1/J Hunter/manage_addProduct/Course/ProjectSubmission_addForm'
SERVER_PORT '80'
HTTP_HOST 'bace.bsd.uchicago.edu'
HTTP_ACCEPT 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5'
GATEWAY_INTERFACE 'CGI/1.1'
HTTP_ACCEPT_LANGUAGE 'en-us,en;q=0.5'
HTTP_ACCEPT_ENCODING 'gzip,deflate'
PATH_INFO
More information about the Zope
mailing list