RE: [Zope] Giving access to error_log.showEntry to non-Manager users

2007-01-18 Thread martin.gfeller 

Stuff that starts with 'manage_' always requires the Manager role.

It seems that this is declared in App.Management.Navigation as:
security.declareProtected(view_management_screens,
'manage_page_header')

However, I found a way around: Using the call error_log/getLogEntryById
instead of the error_log/showEntry that is returned by error_log_url, I
get
the same information outside of the management screens (it only needs 
'Log Site Errors' permission.

Best regards,
Martin Gfeller

___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Giving access to error_log.showEntry to non-Manager users

2007-01-16 Thread Dieter Maurer 
Andreas Jung wrote at 2007-1-15 11:35 +0100:


--On 15. Januar 2007 11:26:27 +0100 [EMAIL PROTECTED] wrote:

 The actual access error is on 'manage_page_header' - I append the error
 traceback.


Stuff that starts with 'manage_' always requires the Manager role.

Where did you find this?

  In my view it is not and was never right...
  There is not special protection for objects the name of which
  starts with manage_.

  A primary counter example are the hundreds of constructors
  registered with initializeClass which traditionally are
  named manage_add[Form] but are protected by Add XXX permission
  which are often not restricted to Manager only.



-- 
Dieter
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

[Zope] Giving access to error_log.showEntry to non-Manager users

2007-01-15 Thread martin.gfeller 
Dear all,

I'm trying to give all authenticated users access to the error log of an

error that they just encountered. I'm using the error_log_url available
in
the standard_error_message to direct the user to the appropriate error
log.

This works fine for users with Manager role, but I cannot make it work
for other authenticated users. I modified the error_log access to 
include 'View', 'View management screens'  and 'Log Site Errors', 
but it doesn't help, unless I give 'View management screens' 
to Authenticated in the Zope root, which opens up too much. 

The actual access error is on 'manage_page_header' - I append the error 
traceback. 

I've also tried to access the error_log through a DTML with
proxy set to Manager, to no avail. 

Any tips? 
Thank you and best regards,
Martin Gfeller, COMIT AG, mailto:[EMAIL PROTECTED]



Error Traceback, Zope 2.10.1 on Windows. 

SERVER_SOFTWARE 'Zope/(unreleased version, python 2.4.4, win32)
ZServer/1.1'

Traceback (innermost last):
  Module ZPublisher.Publish, line 115, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 41, in call_object
  Module Shared.DC.Scripts.Bindings, line 313, in __call__
  Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec
  Module Products.PageTemplates.PageTemplateFile, line 121, in _exec
  Module Products.PageTemplates.PageTemplate, line 89, in pt_render
  Module zope.pagetemplate.pagetemplate, line 117, in pt_render
  Module zope.tal.talinterpreter, line 271, in __call__
  Module zope.tal.talinterpreter, line 346, in interpret
  Module zope.tal.talinterpreter, line 534, in do_optTag_tal
  Module zope.tal.talinterpreter, line 516, in no_tag
  Module zope.tal.talinterpreter, line 346, in interpret
  Module zope.tal.talinterpreter, line 745, in do_insertStructure_tal
  Module zope.tales.tales, line 696, in evaluate
   - URL: showEntry
   - Line 1, Column 0
   - Expression: PathExpr standard:'here/manage_page_header'
   - Names:
  {'container': SiteErrorLog at /Quantax/error_log,
   'context': SiteErrorLog at /Quantax/error_log,
   'default': object object at 0x00A3B528,
   'here': SiteErrorLog at /Quantax/error_log,
   'loop': {},
   'nothing': None,
   'options': {'args': ()},
   'repeat': Products.PageTemplates.Expressions.SafeMapping object
at
0x05079DA0,
   'request': HTTPRequest,
URL=http://127.0.0.1:8080/Quantax/error_log/showEntry,
   'root': Application at ,
   'template': PageTemplateFile at /Quantax/error_log/showEntry,
   'user': GRUFUser 'dealer'}
  Module zope.tales.expressions, line 217, in __call__
  Module Products.PageTemplates.Expressions, line 122, in _eval
  Module zope.tales.expressions, line 124, in _eval
  Module Products.PageTemplates.Expressions, line 71, in
boboAwareZopeTraverse
  Module OFS.Traversable, line 301, in restrictedTraverse
  Module OFS.Traversable, line 274, in unrestrictedTraverse
   - __traceback_info__: ([], 'manage_page_header')
Unauthorized: You are not allowed to access 'manage_page_header' in this
context


___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Re: [Zope] Giving access to error_log.showEntry to non-Manager users

2007-01-15 Thread Andreas Jung 



--On 15. Januar 2007 11:26:27 +0100 [EMAIL PROTECTED] wrote:


The actual access error is on 'manage_page_header' - I append the error
traceback.



Stuff that starts with 'manage_' always requires the Manager role.

-aj

pgpu2XxeOtI5p.pgp
Description: PGP signature
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )