I am playing with ZDP-Tools which are ZClassed based. When I try to add a
new object I get security failure.

  <H2>Zope Error</H2>
  <P>Zope has encountered an error while publishing this resource.
  You are not authorized to access <em>manage_editProperties</em>.
Traceback (innermost last):
  File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 222, in
  File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 187, in
  File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 171, in
  File D:\PROGRA~1\Zope22\lib\python\ZPublisher\mapply.py, line 160, in
    (Object: FAQQuestionClass_add)
  File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 112, in
    (Object: FAQQuestionClass_add)
  File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 168, in
    (Object: FAQQuestionClass_add)
  File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_String.py, line
500, in __call__
    (Object: FAQQuestionClass_add)
  File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_With.py, line 146,
in render
    (Object: FAQQuestionClass.createInObjectManager(REQUEST['id'], REQUEST))
  File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 164, in
    (Object: DocumentFolderClass_add_fragment_exec)
  File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_String.py, line
500, in __call__
    (Object: DocumentFolderClass_add_fragment_exec)
  File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_Util.py, line 339,
in eval
    (Object: propertysheets.Info.manage_editProperties(REQUEST))
    (Info: REQUEST)
  File &lt;string&gt;, line 0, in ?
  File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_Util.py, line 140,
in careful_getattr
  File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 187, in
    (Object: FAQQuestionClass_add)
  File D:\PROGRA~1\Zope22\lib\python\AccessControl\SecurityManager.py, line
139, in validate
  File D:\PROGRA~1\Zope22\lib\python\AccessControl\ZopeSecurityPolicy.py,
line 208, in validate
Unauthorized: (see above)

I figure this is due to the new security model. The user I am using doesn't
have Manager privlidges but has permission to add this object. I get the add
form however when I try to submit the above occurs. I think this might have
something to do with the ownership of FAQQuestionClass_add. However I can't
see who owns FAQQuestionClass_add. How is the new security model supposed to
work with ZClasses and how do I get round this problem so I can give a user
the ability to add a new object.

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to