<http://plone.org/documentation/how-to/debug-unauthorized>
-aj--On 21. März 2008 08:38:46 -0400 Duncan Murdoch <[EMAIL PROTECTED]> wrote:
I'm making some changes to an existing Zope setup. The original author has moved on, and I don't have previous experience with Zope: so the setup is relatively well-designed, but I don't really know the low-level basics well. It's some version of Zope 2 (I'm not sure how to get exact version information.) The problem is this: we have an existing web site that works well. I'd like to create a few pages that are private, accessible only by a list of authorized users. So I created a new directory, and added some users to the acl_users folder. Then on the security page for this directory, I unchecked all the "acquire permission settings" boxes, and checked every permission for the class of user I created. (Later I'll reduce the list, but for now they have everything.) But they still get permission failures when they try to do anything. The log shows the error: You are not allowed to access 'pythonMethods' in this context I have several directories with that name on different parts of the site, so it's not completely clear to me which one I'm not allowed to access. The error log shows this traceback: Traceback (innermost last): * Module ZPublisher.Publish, line 98, in publish * Module ZPublisher.mapply, line 88, in mapply * Module ZPublisher.Publish, line 39, in call_object * Module OFS.DTMLDocument, line 133, in __call__ <DTMLDocument instance at bfa00e0> URL: http://xxxxxxx/test/edit/manage_main Physical Path:/xxx/test/edit * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_Util, line 195, in eval __traceback_info__: pythonMethods * Module OFS.DTMLMethod, line 152, in validate Unauthorized: You are not allowed to access 'pythonMethods' in this context (I've xx'd out the URL because I'm pretty sure I haven't got the security setup right.) The test/edit page is a DTML document, which contains this line <dtml-var "pythonMethods.displayheader(id())"> but I'm not certain this is the line that triggers the error. My questions: 1. Are there simple examples of this kind of security setup somewhere? 2. How do I diagnose what's going wrong? Duncan Murdoch _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- ZOPYX Ltd. & Co. KG - Charlottenstr. 37/1 - 72070 Tübingen - Germany Web: www.zopyx.com - Email: [EMAIL PROTECTED] - Phone +49 - 7071 - 793376 Registergericht: Amtsgericht Stuttgart, Handelsregister A 381535 Geschäftsführer/Gesellschafter: ZOPYX Limited, Birmingham, UK ------------------------------------------------------------------------ E-Publishing, Python, Zope & Plone development, Consulting
pgpFNk8b33ivB.pgp
Description: PGP signature
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )