[Zope] Unauthorized error with ZCatalog

Jonathan dev101 at magma.ca
Wed Mar 14 10:10:12 EDT 2007


I have some "trusted code" (an external method) which is doing a ZCatalog 
search:

sRes = targetFolder.Catalog({'PrincipiaSearchSource' : self.REQUEST['searchText']})


But this is causing the following error:

Traceback (innermost last):
  Module ZPublisher.Publish, line 115, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module OFS.DTMLMethod, line 144, in __call__
   - <DTMLMethod at /Playwiser/WUI/SearchPublicPosts>
   - Physical Path: /Playwiser/WUI/SearchPublicPosts
  Module DocumentTemplate.DT_String, line 476, in __call__
  Module DocumentTemplate.DT_Let, line 75, in render
  Module DocumentTemplate.DT_Util, line 196, in eval
   - __traceback_info__: document_id
  Module <string>, line 1, in <expression>
  Module Products.ExternalMethod.ExternalMethod, line 232, in __call__
   - __traceback_info__: (('SearchPublicPosts',), {}, None)
  Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 718, in ProcessControl
  Module <string>, line 1, in ?
  Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 6819, in subSearchPublicPosts
  Module Products.ZCatalog.CatalogBrains, line 86, in getObject
  Module OFS.Traversable, line 238, in restrictedTraverse
  Module OFS.Traversable, line 209, in unrestrictedTraverse
   - __traceback_info__: ([], '0000000001')
  Module AccessControl.ImplPython, line 563, in validate
  Module AccessControl.ImplPython, line 461, in validate
  Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission. 
Access to '0000000001' of (BTreeFolder2 at 
/Playwiser/PublicForums/0000000000/0000000000) denied. Your user account, 
Anonymous User, exists at /acl_users. Access requires one of the following 
roles: ['Manager']. Your roles in this context are ['Anonymous'].

This error is being generated because the containing folders 
(/Playwiser/PublicForums/0000000000/0000000000) require 'Manager' privileges 
to access and the external method is being run from an 'Anonymous' method.

I do not want users to be able to access the folders or content directly 
(hence the 'Manager' restrictions); I only want users to access the content 
of these folders via the external method routines (so that I can control 
inputs, searching and display).

The problem code in CatalogBrains.py is:

line 60:     def getObject(self, REQUEST=None):
...
line 85:         try:
line 86:             target = parent.restrictedTraverse(path[-1])
line 87:         except ConflictError:
line 88:             raise


Is there any way to get Zope to treat my external method as if it had 
'Manager' access privilege so that the restrictedTraverse call doesn't 
generate the "Unauthorized" error? (i.e., in Python scripts you can set a 
proxy role, but I don't know of anything similar for external methods).

Any and all ideas appreciated!

Jonathan
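
The situation in the message above, as an added example that is not part of the original post and is not Zope's code: a self-contained model showing that the traversal check depends on the requesting user's roles rather than on which code makes the call, and how a proxy-role style wrapper behaves when it validates input and always restores the original roles. The names `Node`, `context`, `proxy_roles` and `get_public_post` are hypothetical, and the sample tree is constructed.

```python
# Constructed model of the failure in the traceback; not Zope source code.
from contextlib import contextmanager

class Unauthorized(Exception):
    pass

class Node:
    """A folder or post that lists the roles allowed to access it."""
    def __init__(self, roles, title="", children=None):
        self.roles, self.title = set(roles), title
        self.children = children or {}

# Stand-in for the per-request security context (hypothetical name).
context = {"roles": ["Anonymous"]}

def restricted_traverse(parent, name):
    # The check looks only at the current user's roles, never at the caller's
    # code, which is why "trusted" code still fails for an Anonymous request.
    target = parent.children[name]
    if not target.roles & set(context["roles"]):
        raise Unauthorized("%s requires %s; user has %s"
                           % (name, sorted(target.roles), context["roles"]))
    return target

@contextmanager
def proxy_roles(*roles):
    # Swap in the proxy roles for one block and always restore the originals,
    # so an exception cannot leave the request elevated.
    saved = context["roles"]
    context["roles"] = list(roles)
    try:
        yield
    finally:
        context["roles"] = saved

def get_public_post(forum, post_id):
    # Facade: validate the identifier, elevate only around the fetch, and
    # return data rather than the protected object itself.
    if not (isinstance(post_id, str) and post_id.isdigit() and len(post_id) == 10):
        raise ValueError("post id must be 10 digits")
    with proxy_roles("Manager"):
        return restricted_traverse(forum, post_id).title

# Constructed sample tree: a Manager-only forum holding one post.
forum = Node(["Manager"], children={"0000000001": Node(["Manager"], title="Hello")})
```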


