"Jay, Dylan" wrote:
> I am playing with ZDP-Tools which are ZClassed based. When I try to add a
> new object I get security failure.
>   <H2>Zope Error</H2>
>   <P>Zope has encountered an error while publishing this resource.
>   </P>
>   <P><STRONG>Unauthorized</STRONG></P>
>   You are not authorized to access <em>manage_editProperties</em>.
> <!--
> Traceback (innermost last):
>   File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 222, in
> publish_module
>   File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 187, in
> publish
>   File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 171, in
> publish
>   File D:\PROGRA~1\Zope22\lib\python\ZPublisher\mapply.py, line 160, in
> mapply
>     (Object: FAQQuestionClass_add)
>   File D:\PROGRA~1\Zope22\lib\python\ZPublisher\Publish.py, line 112, in
> call_object
>     (Object: FAQQuestionClass_add)
>   File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 168, in
> __call__
>     (Object: FAQQuestionClass_add)
>   File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_String.py, line
> 500, in __call__
>     (Object: FAQQuestionClass_add)
>   File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_With.py, line 146,
> in render
>     (Object: FAQQuestionClass.createInObjectManager(REQUEST['id'], REQUEST))
>   File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 164, in
> __call__
>     (Object: DocumentFolderClass_add_fragment_exec)
>   File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_String.py, line
> 500, in __call__
>     (Object: DocumentFolderClass_add_fragment_exec)
>   File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_Util.py, line 339,
> in eval
>     (Object: propertysheets.Info.manage_editProperties(REQUEST))
>     (Info: REQUEST)
>   File &lt;string&gt;, line 0, in ?
>   File D:\PROGRA~1\Zope22\lib\python\DocumentTemplate\DT_Util.py, line 140,
> in careful_getattr
>   File D:\PROGRA~1\Zope22\lib\python\OFS\DTMLMethod.py, line 187, in
> validate
>     (Object: FAQQuestionClass_add)
>   File D:\PROGRA~1\Zope22\lib\python\AccessControl\SecurityManager.py, line
> 139, in validate
>   File D:\PROGRA~1\Zope22\lib\python\AccessControl\ZopeSecurityPolicy.py,
> line 208, in validate
> Unauthorized: (see above)
> I figure this is due to the new security model. The user I am using doesn't
> have Manager privlidges but has permission to add this object. I get the add
> form however when I try to submit the above occurs. I think this might have
> something to do with the ownership of FAQQuestionClass_add. However I can't
> see who owns FAQQuestionClass_add. How is the new security model supposed to
> work with ZClasses and how do I get round this problem so I can give a user
> the ability to add a new object.

Check fo rthe permission "Manage Properties". This one threw me for a
while. I posted this a week or two back, you should be able to find it
in the archives.
This works wehn I call the addForm directly, yet when I use a form local
to the direntoy and s the "<dmtl-with ..." technique from the FAQ As I
use in KnowledgeKit), it doesn't seem happy, requesting authentication
through Basic Auth, as opposed to the Cookie Login form I use currently
(Membership 0.6.0).

I am working on this, and will pst a fix as soon as I have one.

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to