Thanks Douglas and Marius,
For the quick solution and the background. It's working fine.

Regards,
Lothar

2009/4/1 Marius Gedminas <mar...@gedmin.as>

> On Tue, Mar 31, 2009 at 02:09:34PM -0700, Douglas Cerna wrote:
> > Hi.
> >
> > I had a similar error and fixed it modifying:
> >
> > >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw')
> >
> > To:
> >
> > >>> browser.addHeader('Authorization', 'Basic globalmgr:globalmgrpw')
> >
> > Both principals are defined in the ftesting.zcml file of your project,
> > but just the globalmgr has the Manager role assigned.
>
> This is intentional and tends to expose bugs in your application.
>
> If you have an object without a correct __parent__ chain leading to the
> ZODB root, your object will never see local security grants (such as
> mgr:mgrpw has) so any users defined TTW won't be able to access it.
>
> The fix is to ensure that *every* object of your application has a
> __parent__.
>
> (Note that this use of __parent__ for security is independent from
> containment -- you don't need your objects to provide ILocation, or have
> __name__'s -- the Zope 3 security mechanism looks at __parent__
> attributes without checking interfaces.)
>
> Marius Gedminas
> --
> Life begins when you can spend your spare time programming instead of
> watching television.
>                -- Cal Keegan
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iD8DBQFJ0wlZkVdEXeem148RAi35AJ9GkZv41wl7l/b3yjMFBdpB31++7gCdEYNF
> BM3jLvijYR1+AZFx2mLYvdc=
> =46qz
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Zope3-users mailing list
> Zope3-users@zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users
>
>
_______________________________________________
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users

Reply via email to