[Zope] zope 2.7: Unauthorized "in this context"
Dieter Maurer
dieter at handshake.de
Wed Jun 8 13:06:24 EDT 2005
John Hunter wrote at 2005-6-7 09:52 -0500:
> ...
>Traceback (innermost last):
> ...
> URL: http://srp.uchicago.edu/2005/Sections/B1/Amrita%20Arora/ProjectSubmission_addForm/manage_main
> Physical Path:/srp/2005/Sections/B1/Amrita Arora/ProjectSubmission_addForm
> * Module DocumentTemplate.DT_String, line 474, in __call__
> * Module DocumentTemplate.DT_With, line 76, in render
>
>Unauthorized: You are not allowed to access 'mentor' in this context
The "VerboseSecurity" product may give you more detailed information.
I usually analyse such problems in an interactive Python interpreter.
Under *nix, you start it with "bin/zopectl debug" (for Windows,
a "*.bat" file has been posted --> mailing list archive).
You login in the interactive Python interpreter with
UF = app.acl_users # or some other user folder
u = UF.getUser('your_user') # what user you want)
from AccessControl.SecurityManagement import newSecurityUser
newSecurityUser(None, u.__of__UF)
# "u" is now logged in
You can check whether Zope thinks the current user can
access attribute "a" with value "v" from container "c" with
from AccessControl import getSecurityManager as gSM;
sm = gSM() # the security manager
sm.validate(c, c, a, v)
It will return "1" for access allowed, or 0 or an "Unauthorized"
exception (do not ask why) for access denied.
For attributes without their own security declarations (such
as properties), "validate" will consult "c.__roles__" (the
roles allowed to access "c")
and "c.__allow_access_to_unprotected_subobjects__".
--
Dieter
More information about the Zope
mailing list