[Zope] manage_addFolder unusable from DTML-call?

Kyler B. Laird Sun, 26 Nov 2000 06:17:08 -0800

I have a simple DTML method:
        <dtml-var standard_html_header>
        <h2><dtml-var title_or_id> <dtml-var document_title></h2>
        <p>
        This is the <dtml-var document_id> Document 
        in the <dtml-var title_and_id> Folder.
        </p>
        <p>
        Welcome, <dtml-var AUTHENTICATED_USER>!
        You have these roles: <dtml-var 
"_.string.join(REQUEST.AUTHENTICATED_USER.getRoles(), ', ')">.
        </p>
        <dtml-call "manage_addFolder('Folder', 'my new folder')">
        <p>
        I created a folder!
        </p>
        <dtml-var standard_html_footer>
It requires "Manager" to view.  When I run it with 
the <dtml-call> commented out, it correctly returns 
my role as "Manager".

I can go through the management interface to create
and destroy folders, but as soon as I view this
method, (it tries to reauthenticate me and) I get:
  Zope Error

  Zope has encountered an error while publishing this resource. 

  Unauthorized

  You are not authorized to access manage_addFolder. 

  Traceback (innermost last):
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 
222, in publish_module
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 
187, in publish
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 
171, in publish
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/mapply.py, line 160, 
in mapply
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/ZPublisher/Publish.py, line 
112, in call_object
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/OFS/DTMLMethod.py, line 172, in 
__call__
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/DocumentTemplate/DT_String.py, 
line 528, in __call__
      (Object: make_folder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/DocumentTemplate/DT_Util.py, 
line 331, in eval
      (Object: manage_addFolder('Folder', 'my new folder'))
      (Info: manage_addFolder)
    File /data/www/Zope/42/Zope-2.2.4b1-src/lib/python/OFS/DTMLMethod.py, line 194, in 
validate
      (Object: make_folder)
    File 
/data/www/Zope/42/Zope-2.2.4b1-src/lib/python/AccessControl/SecurityManager.py, line 
139, in validate
    File 
/data/www/Zope/42/Zope-2.2.4b1-src/lib/python/AccessControl/ZopeSecurityPolicy.py, 
line 183, in validate
  Unauthorized: (see above)

        
I expected trouble when trying to use proxy roles for
this, but it seems like running as a Manager should
be simple.

I see a similar DTML method in use in a message from 
early October.  Am I missing something or did the
security model change get me?

Thank you.

--kyler

_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] manage_addFolder unusable from DTML-call?

Reply via email to
