I am having a permissions problem, and am hoping someone on the list will
see the error in my ways. I have a ZClass, called a FooManager, that
inherits from ObjectManager. It is responsible for creating (and managing)
Foo objects.

In the FooManager ZClass, I created a DTMLMethod called 'addFoo', and a
form called 'fooForm'. Following the "How to Create ZClass Instances
Programmatically" How-To, I modified my 'Foo_add' constructor to avoid
redirecting if the request contains a noRedir parameter.

In my 'addFoo' method, I have:

  <dtml-with "manage_addProduct['FooProduct']">
    <dtml-call "Foo_add(_.None, _, noRedir=1)">

and I set it's Proxy role to 'Manager'.

My form, obviously, calls 'addFoo' with:

  <form action="addFoo" method="...">

When I submit the form, I get:


  You are not authorized to access FooObject.

'FooObject' is the name of my ZClass.

The traceback is:

  File /d1/zope/pcalc.ptec.com/lib/python/DocumentTemplate/DT_Util.py,
line 331, in eval
      (Object: FooObject.createInObjectManager(REQUEST['id'], REQUEST))
      (Info: FooObject)
    File /d1/zope/pcalc.ptec.com/lib/python/OFS/DTMLMethod.py, line 189,
in validate
      (Object: addFoo)
/d1/zope/pcalc.ptec.com/lib/python/AccessControl/SecurityManager.py, line
139, in validate
line 209, in validate
  Unauthorized: (see above)

I can fix the problem by going directly to my 'FooManager' instance and
giving Anonymous permission to 'Add a Foo Object'. However, I don't want
to do this on a general basis, nor do I want to have to manually adjust
each instance of 'FooManager'. I ONLY want my 'addFoo' method to be able
to do it. I thought the Proxy role in the ZClass's 'addFoo' method would
do the trick, but it did not.

Sorry if I haven't explained this well. As you can probably tell, ZClass
permissions are not exactly my strong suit in Zope.

Anyone have any ideas?


Jeff K. Hoffman                               704.849.0731 x108
Chief Technology Officer                      mailto:[EMAIL PROTECTED]
Going Virtual, L.L.C.                         http://www.goingv.com/

Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to