Hello,

I am having a permissions problem, and am hoping someone on the list will
see the error in my ways. I have a ZClass, called a FooManager, that
inherits from ObjectManager. It is responsible for creating (and managing)
Foo objects.

In the FooManager ZClass, I created a DTMLMethod called 'addFoo', and a
form called 'fooForm'. Following the "How to Create ZClass Instances
Programmatically" How-To, I modified my 'Foo_add' constructor to avoid
redirecting if the request contains a noRedir parameter.

In my 'addFoo' method, I have:

  <dtml-with "manage_addProduct['FooProduct']">
    <dtml-call "Foo_add(_.None, _, noRedir=1)">
  </dtml-with>

and I set it's Proxy role to 'Manager'.

My form, obviously, calls 'addFoo' with:

  <form action="addFoo" method="...">

When I submit the form, I get:

  Unauthorized.

  You are not authorized to access FooObject.

'FooObject' is the name of my ZClass.

The traceback is:

  ...
  File /d1/zope/pcalc.ptec.com/lib/python/DocumentTemplate/DT_Util.py,
line 331, in eval
      (Object: FooObject.createInObjectManager(REQUEST['id'], REQUEST))
      (Info: FooObject)
    File /d1/zope/pcalc.ptec.com/lib/python/OFS/DTMLMethod.py, line 189,
in validate
      (Object: addFoo)
    File
/d1/zope/pcalc.ptec.com/lib/python/AccessControl/SecurityManager.py, line
139, in validate
    File
/d1/zope/pcalc.ptec.com/lib/python/AccessControl/ZopeSecurityPolicy.py,
line 209, in validate
  Unauthorized: (see above)

I can fix the problem by going directly to my 'FooManager' instance and
giving Anonymous permission to 'Add a Foo Object'. However, I don't want
to do this on a general basis, nor do I want to have to manually adjust
each instance of 'FooManager'. I ONLY want my 'addFoo' method to be able
to do it. I thought the Proxy role in the ZClass's 'addFoo' method would
do the trick, but it did not.

Sorry if I haven't explained this well. As you can probably tell, ZClass
permissions are not exactly my strong suit in Zope.

Anyone have any ideas?

--Jeff

---
Jeff K. Hoffman                               704.849.0731 x108
Chief Technology Officer                      mailto:[EMAIL PROTECTED]
Going Virtual, L.L.C.                         http://www.goingv.com/


_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to