<http://plone.org/documentation/how-to/debug-unauthorized>
-aj--On 21. März 2008 08:38:46 -0400 Duncan Murdoch <[EMAIL PROTECTED]> wrote:
I'm making some changes to an existing Zope setup. The original author
has moved on, and I don't have previous experience with Zope: so the
setup is relatively well-designed, but I don't really know the low-level
basics well. It's some version of Zope 2 (I'm not sure how to get exact
version information.)
The problem is this: we have an existing web site that works well. I'd
like to create a few pages that are private, accessible only by a list of
authorized users. So I created a new directory, and added some users to
the acl_users folder. Then on the security page for this directory, I
unchecked all the "acquire permission settings" boxes, and checked every
permission for the class of user I created. (Later I'll reduce the list,
but for now they have everything.)
But they still get permission failures when they try to do anything. The
log shows the error:
You are not allowed to access 'pythonMethods' in this context
I have several directories with that name on different parts of the site,
so it's not completely clear to me which one I'm not allowed to access.
The error log shows this traceback:
Traceback (innermost last):
* Module ZPublisher.Publish, line 98, in publish
* Module ZPublisher.mapply, line 88, in mapply
* Module ZPublisher.Publish, line 39, in call_object
* Module OFS.DTMLDocument, line 133, in __call__
<DTMLDocument instance at bfa00e0>
URL: http://xxxxxxx/test/edit/manage_main
Physical Path:/xxx/test/edit
* Module DocumentTemplate.DT_String, line 474, in __call__
* Module DocumentTemplate.DT_Util, line 195, in eval
__traceback_info__: pythonMethods
* Module OFS.DTMLMethod, line 152, in validate
Unauthorized: You are not allowed to access 'pythonMethods' in this
context
(I've xx'd out the URL because I'm pretty sure I haven't got the security
setup right.)
The test/edit page is a DTML document, which contains this line
<dtml-var "pythonMethods.displayheader(id())">
but I'm not certain this is the line that triggers the error.
My questions:
1. Are there simple examples of this kind of security setup somewhere?
2. How do I diagnose what's going wrong?
Duncan Murdoch
_______________________________________________
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
-- ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: [EMAIL PROTECTED] - Phone +49 - 7071 - 793376 Registergericht: Amtsgericht Stuttgart, Handelsregister A 381535 Geschäftsführer/Gesellschafter: ZOPYX Limited, Birmingham, UK ------------------------------------------------------------------------ E-Publishing, Python, Zope & Plone development, Consulting
pgpFNk8b33ivB.pgp
Description: PGP signature
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
