Re: [Zope-dev] 2.6.4.c1 still problem with security

[robert rottermann]

Having read  Stuarts post with a similar context I was digging trough 
DCWorkflow with the debugger and found that

In Shared.DC.Scripts.Bindings._getContext(self), there
seems to be a new security check:
   getSecurityManager().validate(parent, container, '', self)
does only allow Manager to access the  container of the script that is 
called during the DCWorkflow transition.

Any ideas?

Robert

robert rottermann wrote:

Hi there,
I am using zope from cvs Zope-2_6-branch. I still get the following 
assertion in a DCWorkflow which worked flawlessly in 2.6.2

Thanks for any pointers
Robert
Traceback (innermost last):
 Module ZPublisher.Publish, line 98, in publish
 Module ZPublisher.mapply, line 88, in mapply
 Module ZPublisher.Publish, line 39, in call_object
 Module Products.CMFCore.FSPythonScript, line 92, in __call__
 Module Shared.DC.Scripts.Bindings, line 261, in __call__
 Module Shared.DC.Scripts.Bindings, line 292, in _bindAndExec
 Module Products.CMFCore.FSPythonScript, line 126, in _exec
  - __traceback_info__: ({'traverse_subpath': [], 'container': 
<PloneSite instance at 8bbed10>, 'context': <PloneFolder instance at 
96fb608>, 'script': <FSPythonScript at /zehnder/zehnder/createObject 
used for /zehnder/zehnder/tasklist/Task.2004-01-19.3020/Attachments>}, 
(None, 'File', None), {}, (None, None, None))
 Module None, line 12, in createObject
 Module Products.CMFCore.PortalFolder, line 362, in invokeFactory
 Module Products.CMFCore.TypesTool, line 824, in constructContent
 Module Products.CMFCore.TypesTool, line 516, in constructInstance
 Module Products.CMFCore.TypesTool, line 420, in _finishConstruction
 Module Products.CMFCore.CMFCatalogAware, line 101, in 
notifyWorkflowCreated
 Module Products.CMFPlone.WorkflowTool, line 26, in notifyCreated
 Module Products.CMFCore.WorkflowTool, line 362, in notifyCreated
 Module Products.DCWorkflow.DCWorkflow, line 367, in notifyCreated
 Module Products.DCWorkflow.DCWorkflow, line 440, in _changeStateOf
 Module Products.DCWorkflow.DCWorkflow, line 543, in _executeTransition
 Module Shared.DC.Scripts.Bindings, line 261, in __call__
 Module Shared.DC.Scripts.Bindings, line 290, in _bindAndExec
 Module Shared.DC.Scripts.Bindings, line 1, in ?
 Module Shared.DC.Scripts.Bindings, line 224, in _getContext
Unauthorized: You are not allowed to access  in this context



_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )



_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )