On Tue, Mar 31, 2009 at 02:09:34PM -0700, Douglas Cerna wrote:
> Hi.
> I had a similar error and fixed it modifying:
> >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw')
> To:
> >>> browser.addHeader('Authorization', 'Basic globalmgr:globalmgrpw')
> Both principals are defined in the ftesting.zcml file of your project,
> but just the globalmgr has the Manager role assigned.

This is intentional and tends to expose bugs in your application.

If you have an object without a correct __parent__ chain leading to the
ZODB root, your object will never see local security grants (such as
mgr:mgrpw has) so any users defined TTW won't be able to access it.

The fix is to ensure that *every* object of your application has a

(Note that this use of __parent__ for security is independent from
containment -- you don't need your objects to provide ILocation, or have
__name__'s -- the Zope 3 security mechanism looks at __parent__
attributes without checking interfaces.)

Marius Gedminas
Life begins when you can spend your spare time programming instead of
watching television.
                -- Cal Keegan

Attachment: signature.asc
Description: Digital signature

Zope3-users mailing list

Reply via email to