I have a simple DTML method:
        <dtml-var standard_html_header>
        <h2><dtml-var title_or_id> <dtml-var document_title></h2>
        This is the <dtml-var document_id> Document 
        in the <dtml-var title_and_id> Folder.
        Welcome, <dtml-var AUTHENTICATED_USER>!
        You have these roles: <dtml-var 
"_.string.join(REQUEST.AUTHENTICATED_USER.getRoles(), ', ')">.
        <dtml-call "manage_addFolder('Folder', 'my new folder')">
        I created a folder!
        <dtml-var standard_html_footer>
It requires "Manager" to view.  When I run it with 
the <dtml-call> commented out, it correctly returns 
my role as "Manager".

I can go through the management interface to create
and destroy folders, but as soon as I view this
method, (it tries to reauthenticate me and) I get:
  Zope Error

  Zope has encountered an error while publishing this resource. 


  You are not authorized to access manage_addFolder. 

  Traceback (innermost last):
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 
222, in publish_module
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 
187, in publish
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 
171, in publish
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/mapply.py, line 160, 
in mapply
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 
112, in call_object
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/OFS/DTMLMethod.py, line 172, in 
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/DocumentTemplate/DT_String.py, 
line 528, in __call__
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/DocumentTemplate/DT_Util.py, 
line 331, in eval
      (Object: manage_addFolder('Folder', 'my new folder'))
      (Info: manage_addFolder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/OFS/DTMLMethod.py, line 194, in 
      (Object: make_folder)
/data/www/Zope/42/Zope-2.2.4b1-src/lib/python/AccessControl/SecurityManager.py, line 
139, in validate
line 183, in validate
  Unauthorized: (see above)

I expected trouble when trying to use proxy roles for
this, but it seems like running as a Manager should
be simple.

I see a similar DTML method in use in a message from 
early October.  Am I missing something or did the
security model change get me?

Thank you.


Zope maillist  -  [EMAIL PROTECTED]
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to