In article <[EMAIL PROTECTED]>, Dieter Maurer
>Robin Becker writes:
> > How can I find out exactly what is causing my security permissioning to
> > fail.
> > 
> > I have put extra stuff into ZPublisher\ at line 463 so I
> > know that I'm failing on
> > 
> > UnauthorizedYou are not authorized to access this resource.
> > URL='' No Authorization header
> > found.
> > 
> > I am an anonymous user. Even when I make /live have the same permissions
> > as the manager I can't make it work. index_html is a dtml method of the
> > class of which live is an instance.
> > 
> > How can I figure out what is blocking the anonymous access.
>The URL traversal in "ZPublisher.BaseRequest.traverse"
>led to a "roles" assignment with a non-"None" value.
>This triggers authentication checking.
>Annonymous did not have one of the necessary roles.
>I would probably check, what "roles" are determined during
>Apparently, your "live" is a Z instance.
>It is quite easy to forget the ZClass permission mapping
>(or get it wrong). This may lead to strange permission
Which ZClass permission mapping? Anonymous seems to be able to 'view'.

The 'Manager' role can log in and do stuff, but even when I change the
permissions of Anonymous to be completely the same as for Manager I
don't get the same behaviour; ie anonymous is being asked to log in?

The problem I suppose is that /live/index_html is really a permission of
/live and I guess the permissions determining access etc are really in /
the object which cannot be traversed to :) 
Robin Becker

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to