Re: [Zope-dev] LDAPRoleTwiddler / BasicUserFolder

Thu, 17 Oct 2002 05:57:41 -0700 

Hi Jens,

if I take the following code:

    # This must stay accessible to everyone
    def validate( self, request, auth='', roles=_noroles ):
        """ The main engine """

        luf = self.getLUF()
        v = request['PUBLISHED'] # the published object
        a, c, n, v = luf._getobcontext(v, request)

        name, password = luf.identify(auth)
        user = luf.authenticate(name, password, request)

        if user is not None:
            twiddled_user = self.getUser ( user.getId(),
                                           user._getPassword()
                                         )
            if twiddled_user is not None:
                # On my Test-System it works with authorize()
                # On my Integration-System it works only without authorize()
                if luf.authorize(twiddled_user, a, c, n, v, roles):
                    return twiddled_user.__of__(luf)

        # Could not twiddle a user.  Defer to other user folders.
        return None

I get an error if I access a protected DTMLMethod:

Site Error
An error was encountered while publishing this resource. 

Unauthorized

You are not authorized to access content. 
Traceback (innermost last):
  File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 224, in publish_module
  File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 187, in publish
  File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 171, in publish
  File /usr/share/zope/lib/python/ZPublisher/mapply.py, line 160, in mapply
    (Object: index_html)
  File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 112, in call_object
    (Object: index_html)
  File /usr/share/zope/lib/python/Products/EasyEditor/EasyEditable.py, line 372, in 
index_html
    (Object: ElementWithAttributes)
  File /usr/share/zope/lib/python/Products/EasyEditor/EasyTemplates/EasyViews.py, line 
94, in __call__
    (Object: default)
  File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 197, in __call__
    (Object: default)
  File /usr/share/zope/lib/python/DocumentTemplate/DT_String.py, line 540, in __call__
    (Object: default)
  File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 269, in validate
    (Object: default)
  File /usr/share/zope/lib/python/AccessControl/SecurityManager.py, line 144, in 
validate
  File /usr/share/zope/lib/python/AccessControl/ZopeSecurityPolicy.py, line 225, in 
validate
Unauthorized: (see above)

But if I'm a user with role manager everything is ok. 

I found out that if the LDAPUser goes into the auth-SimpleCache of the LRT, I got no 
Unauthorized exception, but than I have a problem with 
AUTHORIZED_USER.has_permission('View', obj) which returns 0 on each protected obj
under the LRT path. 

Dirk



_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists -
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to