[zope2-tracker] [Bug 546615] [NEW] Inheritance of Folder Permissions (set in ZMI)
Tres Seaver
tseaver at palladion.com
Thu Mar 25 07:25:05 EDT 2010
Vladislav Vorobiev wrote:
> Public bug reported:
>
> Zope2 2.12.3
>
> If you specify permissions on a folder, for example:
>
> view only for manager
>
> folder 1 - permission view all
> --index_html - calls xyz
> --xyz script
>
> --folder 2 - permission view manager
> ----xyz script
>
> Error Type: Unauthorized
> Error Value: You are not allowed to access 'xyz' in this context
>
> In all preview versions you got a login form.
status confirmed
After constructing a similar folder structure in a new empty instance,
and granting 'View' on the 'protected' subfolder only to 'Manager' (no
acquisition), I was able to see the error page as described here when
visiting the protected folder. Looking at the headers with 'wget' shows:
--------------------- %< --------------------------------
$ wget -O - -S http://localhost:8080/lp546615/protected
--2010-03-25 07:19:38-- http://localhost:8080/lp546615/protected
Resolving localhost... 127.0.0.1, ::1
Connecting to localhost|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response...
HTTP/1.0 401 Unauthorized
Server: Zope/(2.12.3, python 2.6.4, linux2) ZServer/1.1
Date: Thu, 25 Mar 2010 11:19:38 GMT
Content-Length: 911
Content-Type: text/html; charset=iso-8859-15
Connection: Keep-Alive
Authorization failed.
$ wget -O - -S http://localhost:8080/manage
--2010-03-25 07:20:03-- http://localhost:8080/manage
Resolving localhost... 127.0.0.1, ::1
Connecting to localhost|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response...
HTTP/1.0 401 Unauthorized
Server: Zope/(2.12.3, python 2.6.4, linux2) ZServer/1.1
Date: Thu, 25 Mar 2010 11:20:03 GMT
Connection: Keep-Alive
Content-Length: 187
Content-Type: text/html; charset=iso-8859-15
WWW-Authenticate: basic realm="Zope"
Authorization failed.
--------------------- %< --------------------------------
Which indicates that the 'WWW-Authenticate' challenge header is not
being added to the request for the protected subfolder as it should be.
Tres.
--
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
** Changed in: zope2
Status: New => Confirmed
--
Inheritance of Folder Permissions (set in ZMI)
https://bugs.launchpad.net/bugs/546615
You received this bug notification because you are a member of Zope 2
Developers, which is subscribed to Zope 2.
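
Added example, not part of the original message or of Zope's own code: a Python check that flags a 401 response carrying no WWW-Authenticate challenge (RFC 7235, section 3.1 requires one), run over the two response heads from the wget transcript above. The function names are illustrative.

```python
"""Flag 401 responses that omit the WWW-Authenticate challenge."""
from email.parser import Parser

# Response heads copied from the wget transcript in the message above.
PROTECTED = """\
HTTP/1.0 401 Unauthorized
Server: Zope/(2.12.3, python 2.6.4, linux2) ZServer/1.1
Date: Thu, 25 Mar 2010 11:19:38 GMT
Content-Length: 911
Content-Type: text/html; charset=iso-8859-15
Connection: Keep-Alive
"""
MANAGE = """\
HTTP/1.0 401 Unauthorized
Server: Zope/(2.12.3, python 2.6.4, linux2) ZServer/1.1
Date: Thu, 25 Mar 2010 11:20:03 GMT
Connection: Keep-Alive
Content-Length: 187
Content-Type: text/html; charset=iso-8859-15
WWW-Authenticate: basic realm="Zope"
"""

def parse_head(raw):
    """Split a raw response head into (status_code, headers)."""
    status_line, _, header_block = raw.lstrip().partition("\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % status_line)
    # email.parser gives case-insensitive names and handles folded lines.
    return int(parts[1]), Parser().parsestr(header_block, headersonly=True)

def challenge_schemes(raw):
    """Return the first scheme of each challenge header, or None if not a 401."""
    status, headers = parse_head(raw)
    if status != 401:
        return None
    schemes = []
    for value in headers.get_all("WWW-Authenticate", []):
        if value.strip():
            schemes.append(value.split(None, 1)[0].lower())
    return schemes

def missing_challenge(raw):
    """True when a 401 carries no challenge, so no login prompt is triggered."""
    return challenge_schemes(raw) == []

if __name__ == "__main__":
    for name, head in (("protected", PROTECTED), ("manage", MANAGE)):
        print(name, "missing challenge:", missing_challenge(head))
```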