After any manual change of the security on a proxy, you should call
proxy.reindexObjectSecurity() so that the rest of the framework knows
about it. Notably, this propagates security from the proxy to the
object in the repository (as seen in your error message).
Normally the framework does this automatically, when the workflow
changes the permissions, or when the local roles are changed through
the CMF APIs, because in both cases proxy.reindexObjectSecurity() is
called.
Note, however, that this updating is done at the end of the current
transaction in recent CPS (for performance reasons), so this won't be
seen by the rest of the code before the next transaction (a REDIRECT
will do).
Do you change the security through the normal CPS interface? What
version are you using?
Florent
On 3 Jun 2005, at 15:23, Braun Brelin wrote:
After installing the Verbose Security, I think the problem is thus:
The security seems to be totally ignoring the concept of local
roles in
the proxy folders. For example, I give user 'foo' a local role of
"workspace member" for a specific workspace folder and give that
role the
ability to "view" in the security permissions grid.
Clicking the security->local roles link shows that user 'foo' is
indeed
listed as a user who is a "workspace member".
However, when I actually log in as 'foo' in the portal and try to
go to
the workspace folder, either through the GUI or manually by typing
in the
URL, I get a permission violation.
The text is as follows (users name changed to protect his/her
innocence)
Your user account does not have the required permission. Access to
'modified' of (CPSDocument at /cps/portal_repository/666852686__0001)
denied. Your user account, foo, exists at /cps/acl_users. Access
requires
View_Permission, granted to the following roles: ['Manager',
'permission:View']. Your roles in this context are ['Anonymous',
'Authenticated'].
So we can see that for some reason, the local roles are not
included, even
though I maintain they should be.
Braun Brelin
For all hard-to-understand Unauthorized errors, you should install
the VerboseSecurity product that will give you detailed information.
Florent
On 2 Jun 2005, at 19:23, Braun Brelin wrote:
Folks,
I'm trying to access some proxy folders when logged in as a user
(not owner).
Even though I specify as the owner that the given user has been
given a local
role for the folder, Zope security still doesn't allow the user in.
I get the following error:
Unauthorized: You are not allowed to access 'modified' in this
context
I'm at a loss to figure out what to do next.
Braun Brelin
--
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED]
_______________________________________________
cps-users mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/cps-users
--
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED]
_______________________________________________
cps-users mailing list
[email protected]
http://lists.nuxeo.com/mailman/listinfo/cps-users
