Brenda Bell wrote at 2008-5-13 13:27 +0000: >In article <[EMAIL PROTECTED]>, > Brenda Bell <[EMAIL PROTECTED]> > wrote: > >> What I can't seem to do is get the permissions right such that a user in >> the Editor role can add new External Files. >> >> I've checked every box on the Security tab for the Editor role. Users >> in the Editor role can view and modify existing ExternalFile's but still >> cannot add new ones. >> > >I enabled VerboseSecurity and I see this in my console window when I try >to add an ExternalFile when logged in as a user who is assigned the >Editor role: > >2008-05-13 13:12:55 ERROR Zope.SiteErrorLog >http://localhost:8090/foo/manage_addProduct/ExternalFile/manage_addObject >ViaGui >Traceback (innermost last): > Module ZPublisher.Publish, line 110, in publish > Module ZPublisher.BaseRequest, line 596, in traverse > Module ZPublisher.HTTPResponse, line 713, in unauthorized >Unauthorized: <strong>You are not authorized to access this >resource.</strong><p> >No Authorization header found.</p>
The "manage_addObject" requires roles for which no user folder in context could identify an appropriate user. You could try to find out in an interactive interpreter (started with "bin/zopectl debug" under "*nix") which roles are required. app.unrestrictedTraverse('foo/manage_addProduct/ExternalFile').manage_addObject__roles__ -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )