[Zope] External Methods and Authentication error

Jonathan dev101 at magma.ca
Thu Mar 8 09:27:50 EST 2007 

I have an external method that contains:

        threadFolder = self.unrestrictedTraverse(topFolder + forumId + '/' + 
threadId, None)
        threadFolder.manage_changeProperties({'viewCount': 
threadFolder.viewCount+1})


When this external method is invoked (via an 'Anonymous' user invoking a 
dtml method) I get the following authentication error:

Traceback (innermost last):
  Module ZPublisher.Publish, line 115, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module OFS.DTMLMethod, line 144, in __call__
   - <DTMLMethod at /Playwiser/WUI/ViewPublicThread>
   - URL: http://new.playwiser.com/ViewPublicThread/manage_main
   - Physical Path: /Playwiser/WUI/ViewPublicThread
  Module DocumentTemplate.DT_String, line 476, in __call__
  Module DocumentTemplate.DT_Let, line 75, in render
  Module DocumentTemplate.DT_Util, line 196, in eval
   - __traceback_info__: document_id
  Module <string>, line 1, in <expression>
  Module Products.ExternalMethod.ExternalMethod, line 232, in __call__
   - __traceback_info__: (('ViewPublicThread',), {}, None)
  Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 705, in 
ProcessControl
  Module <string>, line 1, in ?
  Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 6212, in 
subViewPublicThread
  Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 3228, in 
IncrementViewCount
  Module OFS.PropertyManager, line 320, in manage_changeProperties
  Module Shared.DC.Scripts.Bindings, line 311, in __call__
  Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
  Module App.special_dtml, line 175, in _exec
  Module Shared.DC.Scripts.Bindings, line 182, in __getattr__
  Module AccessControl.ImplPython, line 563, in validate
  Module AccessControl.ImplPython, line 461, in validate
  Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission. 
Access to 'manage_page_header' of (BTreeFolder2 at 
/Playwiser/PublicForums/0000000000/0000000000) denied. Your user account, 
Anonymous User, exists at /acl_users. Access requires one of the following 
roles: ['Manager']. Your roles in this context are ['Anonymous'].


I was under the impression that code in external methods runs as 'trusted' 
and does not incur normal Zope security checks.

Is this error being generated because the external method was invoked by a 
DTML method or is there some other factor that I am unaware of?

Thanks,

Jonathan

More information about the Zope mailing list