if shane's "validate" does not work then i assume there is a separate issue independent from it.

jens


On Thursday, Oct 17, 2002, at 08:56 US/Eastern, Dirk Datzert wrote:

Hi Jens,

if I take the following code:

# This must stay accessible to everyone
def validate( self, request, auth='', roles=_noroles ):
""" The main engine """

luf = self.getLUF()
v = request['PUBLISHED'] # the published object
a, c, n, v = luf._getobcontext(v, request)

name, password = luf.identify(auth)
user = luf.authenticate(name, password, request)

if user is not None:
twiddled_user = self.getUser ( user.getId(),
user._getPassword()
)
if twiddled_user is not None:
# On my Test-System it works with authorize()
# On my Integration-System it works only without authorize()
if luf.authorize(twiddled_user, a, c, n, v, roles):
return twiddled_user.__of__(luf)

# Could not twiddle a user. Defer to other user folders.
return None

I get an error if I access a protected DTMLMethod:

Site Error
An error was encountered while publishing this resource.

Unauthorized

You are not authorized to access content.
Traceback (innermost last):
File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 224, in publish_module
File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 187, in publish
File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 171, in publish
File /usr/share/zope/lib/python/ZPublisher/mapply.py, line 160, in mapply
(Object: index_html)
File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 112, in call_object
(Object: index_html)
File /usr/share/zope/lib/python/Products/EasyEditor/EasyEditable.py, line 372, in index_html
(Object: ElementWithAttributes)
File /usr/share/zope/lib/python/Products/EasyEditor/EasyTemplates/ EasyViews.py, line 94, in __call__
(Object: default)
File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 197, in __call__
(Object: default)
File /usr/share/zope/lib/python/DocumentTemplate/DT_String.py, line 540, in __call__
(Object: default)
File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 269, in validate
(Object: default)
File /usr/share/zope/lib/python/AccessControl/SecurityManager.py, line 144, in validate
File /usr/share/zope/lib/python/AccessControl/ZopeSecurityPolicy.py, line 225, in validate
Unauthorized: (see above)

But if I'm a user with role manager everything is ok.

I found out that if the LDAPUser goes into the auth-SimpleCache of the LRT, I got no Unauthorized exception, but than I have a problem with AUTHORIZED_USER.has_permission('View', obj) which returns 0 on each protected obj
under the LRT path.

Dirk



_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )

Reply via email to