[Zope-dev] intSet and the new security model

2000-08-21 Thread Chris Withers 

Hi,

Squishdot uses an intSet called 'thread' to store some information.
Items in this intSet are used in several DTML methods, for example:

A HREF="dtml-var site_url /dtml-var expr="thread[0]"
/index_html#dtml-var id "Return to main thread/A

Now, in Zope 2.2 this throws an unauthorized error as show in the PS.

How can I make this go away in a non-hacky fashion?

cheers,

Chris

PS:

!--
Traceback (innermost last):
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 222, in
publish_module
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 187, in
publish
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 171, in
publish
  File E:\Zope\227194~1.0\lib\python\ZPublisher\mapply.py, line 160, in
mapply
(Object: addPostingForm)
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 112, in
call_object
(Object: addPostingForm)
  File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 167, in
__call__
(Object: addPostingForm)
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_String.py, line
502, in __call__
(Object: addPostingForm)
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_Util.py, line
337, in eval
(Object: thread[0])
(Info: thread)
  File lt;stringgt;, line 0, in ?
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_Util.py, line
168, in careful_getitem
  File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 189, in
validate
(Object: addPostingForm)
  File E:\Zope\227194~1.0\lib\python\AccessControl\SecurityManager.py,
line 139, in validate
  File
E:\Zope\227194~1.0\lib\python\AccessControl\ZopeSecurityPolicy.py, line
159, in validate
Unauthorized

--

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

[Zope-dev] intSet and the new security model: solved with hack :(

2000-08-21 Thread Chris Withers 

Chris Withers wrote:
 Squishdot uses an intSet called 'thread' to store some information.
 Items in this intSet are used in several DTML methods, for example:
 
 A HREF="dtml-var site_url /dtml-var expr="thread[0]"
 /index_html#dtml-var id "Return to main thread/A
 
 Now, in Zope 2.2 this throws an unauthorized error as show in the PS.

I'ev solved this

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )