Thanks Douglas and Marius, For the quick solution and the background. It's working fine.
Regards, Lothar 2009/4/1 Marius Gedminas <mar...@gedmin.as> > On Tue, Mar 31, 2009 at 02:09:34PM -0700, Douglas Cerna wrote: > > Hi. > > > > I had a similar error and fixed it modifying: > > > > >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw') > > > > To: > > > > >>> browser.addHeader('Authorization', 'Basic globalmgr:globalmgrpw') > > > > Both principals are defined in the ftesting.zcml file of your project, > > but just the globalmgr has the Manager role assigned. > > This is intentional and tends to expose bugs in your application. > > If you have an object without a correct __parent__ chain leading to the > ZODB root, your object will never see local security grants (such as > mgr:mgrpw has) so any users defined TTW won't be able to access it. > > The fix is to ensure that *every* object of your application has a > __parent__. > > (Note that this use of __parent__ for security is independent from > containment -- you don't need your objects to provide ILocation, or have > __name__'s -- the Zope 3 security mechanism looks at __parent__ > attributes without checking interfaces.) > > Marius Gedminas > -- > Life begins when you can spend your spare time programming instead of > watching television. > -- Cal Keegan > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.9 (GNU/Linux) > > iD8DBQFJ0wlZkVdEXeem148RAi35AJ9GkZv41wl7l/b3yjMFBdpB31++7gCdEYNF > BM3jLvijYR1+AZFx2mLYvdc= > =46qz > -----END PGP SIGNATURE----- > > _______________________________________________ > Zope3-users mailing list > Zope3email@example.com > http://mail.zope.org/mailman/listinfo/zope3-users > >
_______________________________________________ Zope3-users mailing list Zope3firstname.lastname@example.org http://mail.zope.org/mailman/listinfo/zope3-users