Arne Nordmann wrote:
> Hi folks,
> first of all: I'm working with Zope 3.3 and Python 2.4.
> I created a hierarchical structure of OrderedContainers - some kind of a
> tree - and now want to sort it with Python. To move the containers from
> level to level in this tree with the ObjectMover is no problem, but
> updating the order of the contained elements inside the containers fails
> with a ForbiddenAttribute error.
> For example:
> A, B, C are containers with the names 'A', 'B' and 'C'.
> B and C are contained by A.
>>>> A.updateOrder(['C', 'B'])
> Traceback (most recent call last):
> ForbiddenAttribute: ('updateOrder', <mypackage.cont.Cont object at
> (object at 0x022244B0 is OrderedContainer 'A')
> configure.zcml defines each used interface with permission
> 'ManageContent' and I'm logged in as 'Manager'. Accessing the method
> keys(), values(), etc. of the OrderedContainers is no problem. So what's
> the problem?
ForbiddenAttribute are always (ALWAYS!!!) a lack of missing security
declarations or code accessing stuff it shouldn't. Since accessing
updateOrder seems reasonable to do, you're most definitely lacking a
security declaration for it.
Zope will not allow anything if you don't declare it.
Zope3-users mailing list