On Tue, Mar 31, 2009 at 02:09:34PM -0700, Douglas Cerna wrote: > Hi. > > I had a similar error and fixed it modifying: > > >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw') > > To: > > >>> browser.addHeader('Authorization', 'Basic globalmgr:globalmgrpw') > > Both principals are defined in the ftesting.zcml file of your project, > but just the globalmgr has the Manager role assigned.
This is intentional and tends to expose bugs in your application. If you have an object without a correct __parent__ chain leading to the ZODB root, your object will never see local security grants (such as mgr:mgrpw has) so any users defined TTW won't be able to access it. The fix is to ensure that *every* object of your application has a __parent__. (Note that this use of __parent__ for security is independent from containment -- you don't need your objects to provide ILocation, or have __name__'s -- the Zope 3 security mechanism looks at __parent__ attributes without checking interfaces.) Marius Gedminas -- Life begins when you can spend your spare time programming instead of watching television. -- Cal Keegan
Description: Digital signature
_______________________________________________ Zope3-users mailing list Zope3firstname.lastname@example.org http://mail.zope.org/mailman/listinfo/zope3-users