Velko Ivanov wrote:

My bigger problem is that when I grant zope.Manager to an user in the principals folder, it somehow doesn't get all permitions. I can still manage the site and do everything, except use DA connections (psycopgDA ones to be specific, I didn't check Gadfly), which require zope.app.rdb.Use . Even when I grant the 'Use database connections' permission explicitly, the user is still unable to use psycopgDA. The etc/principals.zcml user with zope.Manage role is able to use the DA.


I never used DA connections, but I think that artefact might be caused by a more general problem: If adapters are not locatable only the global authentication can be invoked. Therefore local principals its privilege are not included. Provide ILocation by those adapters, use the 'locatalbe' attribute of the adapter directive (-> location proxied) or set the permission explicitly to zope.Public.

Regards,
Dominik

_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to