[Zope] Re: Problem with permissions in 2.8.4 (resolved)

Pablo Ziliani pablo at decode.com.ar
Sun Nov 13 14:44:39 EST 2005 

Replying to my own post as I just found the answer to my problem (which 
had nothing to do with the version of zope).

The problem was that when I mass-imported some folders to the new 
instance, I didn't check to retain the ownership information; thus the 
templates where executed whith the credentials of the Anonymous role.

Sorry for bothering, I hope someone finds this post usefull in the future,
Pablo

PS: setting the verbose-security on was of great help in order to 
address this issue

Pablo Ziliani wrote:

> Hello,
> I am having a very tough time with permissions after I have upgraded 
> to 2.8.4 from 2.8.1, and I would really appreciate some help as I have 
> exhausted my imagination trying to figure what's wrong.
>
> I have the following structure in my zope instance:
>
> zope root
> |---- sites
> |----|---- admin
> |----|---- website
>
> Inside the folder admin I have some templates using a macro named 
> "page" in a sibling template.
> The folder "sites" has some checks marked in the security tab, but 
> this is supposed to be ineffective since all the permissions are also 
> acquiring from the root folder.
> The folder "admin" has the default permissions but for the "View" and 
> "Access Content Information", which I only made available for Managers 
> and some other irrelevant roles.
> Pages inside admin (i.e.: "users.html") have additional security 
> configurations, but in all cases Managers are explicitly allowed.
> The "website" folder is the virtual domain, so when I call 
> http://mywebsite.com/admin I am in fact acquiring the folder from 
> above the site root (website). However, this doesn't seem to be the 
> problem: the same occurs if I move admin inside website.
> My user is defined in the zope root and although there's another 
> acl_folder in "sites" there's no user there with my same id.
> The odd thing is that if I (also) check all the "Acquire permissions 
> settings" checkbox in admin, I will be able to access the macro but 
> then the macro page won't be able to access some methods 
> i.e."template/title_or_id". I think this should not happen, Managers 
> are always (explicitly!) allowed all along the path from the root to 
> each page.
>
> As said, this was working fine in 2.8.1.
> Any help or hint would be greatly appreciated,
> TIA,  Pablo
>
> PS: this is the traceback:
>
> Request URL      http://mywebsite.com/admin/users.html
> Exception Type     Unauthorized
> Exception Value     Not authorized to access binding: context
>
> Traceback (innermost last):
>
>    * Module ZPublisher.Publish, line 113, in publish
>    * Module ZPublisher.mapply, line 88, in mapply
>    * Module ZPublisher.Publish, line 40, in call_object
>    * Module Shared.DC.Scripts.Bindings, line 311, in __call__
>    * Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
>    * Module Products.PageTemplates.ZopePageTemplate, line 256, in _exec
>    * Module Products.PageTemplates.PageTemplate, line 104, in pt_render
>      <ZopePageTemplate at /sites/admin/users.html>
>    * Module TAL.TALInterpreter, line 206, in __call__
>    * Module TAL.TALInterpreter, line 250, in interpret
>    * Module TAL.TALInterpreter, line 697, in do_useMacro
>    * Module Products.PageTemplates.TALES, line 221, in evaluate
>      URL: /sites/admin/users.html
>      Line 4, Column 0
>      Expression: standard:'here/template_admin.html/macros/page'
>      Names:
>
> {'container': <UnauthorizedBinding: container>,
> 'context': <UnauthorizedBinding: context>,
> 'default': <Products.PageTemplates.TALES.Default instance at 0xb7516c4c>,
> 'here': <UnauthorizedBinding: context>,
> 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0xb3ee062c>,
> 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter 
> instance at 0xb7528b4c>,
> 'nothing': None,
> 'options': {'args': ()},
> 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 
> 0xb3ee062c>,
> 'request': <HTTPRequest, URL=http://mywebsite.com/admin/users.html>,
> 'root': <Application at >,
> 'template': <ZopePageTemplate at /sites/admin/users.html>,
> 'traverse_subpath': [],
> 'user': pablo}
>
>    * Module Products.PageTemplates.Expressions, line 185, in __call__
>    * Module Products.PageTemplates.Expressions, line 173, in _eval
>    * Module Products.PageTemplates.Expressions, line 127, in _eval
>      __traceback_info__: here
>    * Module Products.PageTemplates.Expressions, line 284, in 
> restrictedTraverse
>      __traceback_info__: {'path': ['template_admin.html', 'macros', 
> 'page'], 'TraversalRequestNameStack': ['page', 'macros']}
>    * Module Shared.DC.Scripts.Bindings, line 180, in __getattr__
>    * Module Shared.DC.Scripts.Bindings, line 187, in __you_lose
>
> Unauthorized: Not authorized to access binding: context
>

More information about the Zope mailing list