On Tue, Mar 31, 2009 at 02:09:34PM -0700, Douglas Cerna wrote:
> Hi.
>
> I had a similar error and fixed it modifying:
>
> >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw')
>
> To:
>
> >>> browser.addHeader('Authorization', 'Basic globalmgr:globalmgrpw')
>
> Both principals are defined in the ftesting.zcml file of your project,
> but just the globalmgr has the Manager role assigned.
This is intentional and tends to expose bugs in your application.
If you have an object without a correct __parent__ chain leading to the
ZODB root, your object will never see local security grants (such as
mgr:mgrpw has) so any users defined TTW won't be able to access it.
The fix is to ensure that *every* object of your application has a
__parent__.
(Note that this use of __parent__ for security is independent from
containment -- you don't need your objects to provide ILocation, or have
__name__'s -- the Zope 3 security mechanism looks at __parent__
attributes without checking interfaces.)
Marius Gedminas
--
Life begins when you can spend your spare time programming instead of
watching television.
-- Cal Keegan
signature.asc
Description: Digital signature
_______________________________________________ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
