[Zope] Re: Confused about permissions

Tres Seaver tseaver at palladion.com
Wed May 14 13:08:19 EDT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brenda Bell wrote:
> In article <b311b-news-555B7E.01592813052008 at news.gmane.org>,
>  Brenda Bell <b311b-news at theotherbell.com> 
>  wrote:
> 
>> What I can't seem to do is get the permissions right such that a user in 
>> the Editor role can add new External Files.
>>
>> I've checked every box on the Security tab for the Editor role.  Users 
>> in the Editor role can view and modify existing ExternalFile's but still 
>> cannot add new ones.

I don't know that product.  There is likely another permission, e.g.
'Add External Files', which protects the methods used to create new
instances;  that permission is likely distinct from the permissions
required to modify or delete those instances.

> I enabled VerboseSecurity and I see this in my console window when I try 
> to add an ExternalFile when logged in as a user who is assigned the 
> Editor role:
> 
> 2008-05-13 13:12:55 ERROR Zope.SiteErrorLog 
> http://localhost:8090/foo/manage_addProduct/ExternalFile/manage_addObject
> ViaGui
> Traceback (innermost last):
>   Module ZPublisher.Publish, line 110, in publish
>   Module ZPublisher.BaseRequest, line 596, in traverse
>   Module ZPublisher.HTTPResponse, line 713, in unauthorized
> Unauthorized: <strong>You are not authorized to access this 
> resource.</strong><p>
> No Authorization header found.</p> 

That traceback should be from the first request, which then prompts you
to log in (e.g., via basic auth).

The next request should either succeed (if the login / password you
supply matches), or show a different traceback (e.g., invalid credentials).

> A loop in BaseRequest seems to be falling through a loop that's 
> dependent on ''__allow_groups__''.

'__allow_groups__' is the name which the authentication machinery uses
to find the user folder:  it is an alias for 'acl_users', not visible in
the ZMI.

> I've tried adding a group, assigning the Editor role to the group and 
> making my user a member of the group.  But I still get the same error.
> 
> What am I missing?


Rewa.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIKxyD+gerLs4ltQ4RAr4BAJ9g3VW8CKoNUsTeyOeLv0q4mYJE4QCgu6Id
PoQUteaxY9oNtgwqyNQfdHQ=
=SBFz
-----END PGP SIGNATURE-----



More information about the Zope mailing list