Hi,
After upgrading to Zope 2.7.5 I experience the following behaviour:
In a dcwokflow, i have a script with the following content, narrowed down for simplicity:
# get the object and its ID obj = state_change.object
The script is set to be called after a transition.
Without proxy roles the script runs fine. If this script gets the proxy role manager (or all roles except anonymous), it fails, it has not got access to 'object'.
This is the VerboseSecurity-enhanced message:
2005-03-30T22:13:38 ERROR(200) SiteError http://intranet.blaagaard.lokal:8280/Members/sune/dok1/content_status_modify Traceback (most recent call last): File "C:\zope275\lib\python\ZPublisher\Publish.py", line 101, in publish request, bind=1) File "C:\zope275\lib\python\ZPublisher\mapply.py", line 88, in mapply if debug is not None: return debug(object,args,context) File "C:\zope275\lib\python\ZPublisher\Publish.py", line 39, in call_object result=apply(object,args) # Type s<cr> to step into published object. File "c:\zope275\instance2\Products\CMFFormController\FSControllerPythonScript.py", line 105, in __call__ result = FSControllerPythonScript.inheritedAttribute('__call__')(self, *args, **kwargs) File "c:\zope275\instance2\Products\CMFFormController\Script.py", line 141, in __call__ return BaseFSPythonScript.__call__(self, *args, **kw) File "c:\zope275\instance2\Products\CMFCore\FSPythonScript.py", line 104, in __call__ return Script.__call__(self, *args, **kw) File "C:\zope275\lib\python\Shared\DC\Scripts\Bindings.py", line 306, in __call__ return self._bindAndExec(args, kw, None) File "C:\zope275\lib\python\Shared\DC\Scripts\Bindings.py", line 343, in _bindAndExec return self._exec(bound_data, args, kw) File "c:\zope275\instance2\Products\CMFCore\FSPythonScript.py", line 160, in _exec result = apply(f, args, kw) File "Script (Python)", line 38, in content_status_modify File "c:\zope275\instance2\Products\CMFPlone\WorkflowTool.py", line 36, in doActionFor result=BaseTool.doActionFor(self, ob, action, wf_id, *args, **kw) File "c:\zope275\instance2\Products\CMFCore\WorkflowTool.py", line 306, in doActionFor return self._invokeWithNotification( File "c:\zope275\instance2\Products\CMFCore\WorkflowTool.py", line 621, in _invokeWithNotification res = apply(func, args, kw) File "c:\zope275\instance2\Products\DCWorkflow\DCWorkflow.py", line 274, in doActionFor self._changeStateOf(ob, tdef, kw) File "c:\zope275\instance2\Products\DCWorkflow\DCWorkflow.py", line 439, in _changeStateOf sdef = self._executeTransition(ob, tdef, kwargs) File "c:\zope275\instance2\Products\DCWorkflow\DCWorkflow.py", line 542, in _executeTransition script(sci) # May throw an exception. File "C:\zope275\lib\python\Shared\DC\Scripts\Bindings.py", line 306, in __call__ return self._bindAndExec(args, kw, None) File "C:\zope275\lib\python\Shared\DC\Scripts\Bindings.py", line 343, in _bindAndExec return self._exec(bound_data, args, kw) File "C:\zope275\lib\python\Products\PythonScripts\PythonScript.py", line 323, in _exec result = f(*args, **kw) File "Script (Python)", line 2, in test File "c:\zope275\instance2/DevProducts\VerboseSecurity\VerboseSecurityPolicy.py", line 225, in validate raise Unauthorized(info) Unauthorized: The owner of the executing script is defined outside the context of the object being accessed. The script has proxy roles, but they do not apply in this context.. Access to 'object' of (Products.DCWorkflow.Expression.StateChangeInfo i nstance at 0x03B85F80) denied. Access requires View_Permission, granted to the following roles: ['Manager', 'Member', 'Owner' , 'Reviewer']. The executing script is (PythonScript at /blaagaard/portal_workflow/plone_workflow/scripts/test), owned by sun e.
Is this a bug in Zope 2.7.5, DCWorkflow, or a 'feature' ?
regards, Sune W.
_______________________________________________ Zope-CMF maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-cmf
See http://collector.zope.org/CMF for bug reports and feature requests
