----- Original Message -----
From: "Jonathan" <[EMAIL PROTECTED]>
To: <zope@zope.org>
Sent: Thursday, March 08, 2007 9:27 AM
Subject: [Zope] External Methods and Authentication error
I have an external method that contains:
threadFolder = self.unrestrictedTraverse(topFolder + forumId + '/'
+ threadId, None)
threadFolder.manage_changeProperties({'viewCount':
threadFolder.viewCount+1})
When this external method is invoked (via an 'Anonymous' user invoking a
dtml method) I get the following authentication error:
Traceback (innermost last):
Module ZPublisher.Publish, line 115, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 41, in call_object
Module OFS.DTMLMethod, line 144, in __call__
- <DTMLMethod at /Playwiser/WUI/ViewPublicThread>
- URL: http://new.playwiser.com/ViewPublicThread/manage_main
- Physical Path: /Playwiser/WUI/ViewPublicThread
Module DocumentTemplate.DT_String, line 476, in __call__
Module DocumentTemplate.DT_Let, line 75, in render
Module DocumentTemplate.DT_Util, line 196, in eval
- __traceback_info__: document_id
Module <string>, line 1, in <expression>
Module Products.ExternalMethod.ExternalMethod, line 232, in __call__
- __traceback_info__: (('ViewPublicThread',), {}, None)
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 705, in
ProcessControl
Module <string>, line 1, in ?
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 6212, in
subViewPublicThread
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 3228, in
IncrementViewCount
Module OFS.PropertyManager, line 320, in manage_changeProperties
Module Shared.DC.Scripts.Bindings, line 311, in __call__
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
Module App.special_dtml, line 175, in _exec
Module Shared.DC.Scripts.Bindings, line 182, in __getattr__
Module AccessControl.ImplPython, line 563, in validate
Module AccessControl.ImplPython, line 461, in validate
Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission.
Access to 'manage_page_header' of (BTreeFolder2 at
/Playwiser/PublicForums/0000000000/0000000000) denied. Your user account,
Anonymous User, exists at /acl_users. Access requires one of the following
roles: ['Manager']. Your roles in this context are ['Anonymous'].
I was under the impression that code in external methods runs as 'trusted'
and does not incur normal Zope security checks.
Is this error being generated because the external method was invoked by a
DTML method or is there some other factor that I am unaware of?
If i set the 'Access contents information' permission for the PublicForums
BTreeFolder2 to 'Anonymous' the external method works.
I don't know why this permission would allow the manage_changeProperties
(line 3228 in the external method) to work?
line 3228: threadFolder.manage_changeProperties({'viewCount': >
threadFolder.viewCount+1})
Zope 2.9.2
Python 2.4.2
Red Hat 3.4.5-2
Thanks,
Jonathan
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
