On Thursday, Oct 17, 2002, at 08:56 US/Eastern, Dirk Datzert wrote:
if I take the following code:
# This must stay accessible to everyone
def validate( self, request, auth='', roles=_noroles ):
""" The main engine """
luf = self.getLUF()
v = request['PUBLISHED'] # the published object
a, c, n, v = luf._getobcontext(v, request)
name, password = luf.identify(auth)
user = luf.authenticate(name, password, request)
if user is not None:
twiddled_user = self.getUser ( user.getId(),
if twiddled_user is not None:
# On my Test-System it works with authorize()
# On my Integration-System it works only without authorize()
if luf.authorize(twiddled_user, a, c, n, v, roles):
# Could not twiddle a user. Defer to other user folders.
I get an error if I access a protected DTMLMethod:
An error was encountered while publishing this resource.
You are not authorized to access content.
Traceback (innermost last):
File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 224, in publish_module
File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 187, in publish
File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 171, in publish
File /usr/share/zope/lib/python/ZPublisher/mapply.py, line 160, in mapply
File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 112, in call_object
File /usr/share/zope/lib/python/Products/EasyEditor/EasyEditable.py, line 372, in index_html
File /usr/share/zope/lib/python/Products/EasyEditor/EasyTemplates/ EasyViews.py, line 94, in __call__
File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 197, in __call__
File /usr/share/zope/lib/python/DocumentTemplate/DT_String.py, line 540, in __call__
File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 269, in validate
File /usr/share/zope/lib/python/AccessControl/SecurityManager.py, line 144, in validate
File /usr/share/zope/lib/python/AccessControl/ZopeSecurityPolicy.py, line 225, in validate
Unauthorized: (see above)
But if I'm a user with role manager everything is ok.
I found out that if the LDAPUser goes into the auth-SimpleCache of the LRT, I got no Unauthorized exception, but than I have a problem with AUTHORIZED_USER.has_permission('View', obj) which returns 0 on each protected obj
under the LRT path.
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://lists.zope.org/mailman/listinfo/zope-announce