I recently upgraded my zope server to 2.7 and a product I wrote which makes heavy use of Z-Classes is now broken. This is a workflow site for a course, and there are Course, Section, Student, ProjectSubmission, etc as ZClasses. To view the page at all students undergo basic authentication. When students want to submit some homework (the have the "Add Project Submissions" Class Permission) they click on a link like the following for the ProjectSubmission add form
http://myserver.com/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm?project_id=A%20Proj&student_id=J%20Hunter Where "J Hunter" is the Student, "S1" is the Section and "A Proj" is the ProjectSubmission. This was working fine until the upgrade, the link took them to the ProjectSubmission_addForm and they could add their submission. After the upgrade, now they get another authentication dialog box and after reentering their username and password, they get the dialog box again, and then if they hit cancel they get (verbose info below) Traceback (innermost last): * Module ZPublisher.Publish, line 101, in publish * Module ZPublisher.mapply, line 88, in mapply * Module ZPublisher.Publish, line 39, in call_object * Module OFS.DTMLMethod, line 130, in __call__ <DTMLMethod instance at 4128fef0> URL: http://srp.uchicago.edu/2005/Sections/B1/Amrita%20Arora/ProjectSubmission_addForm/manage_main Physical Path:/srp/2005/Sections/B1/Amrita Arora/ProjectSubmission_addForm * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_With, line 76, in render Unauthorized: You are not allowed to access 'mentor' in this context "mentor" is a field in the StudentPropertySheet. Interestingly, the same result occurs even if I enter a manager or site-root username/password in the authentication dialog box. I googled for the error message and found http://mail.zope.org/pipermail/zope-dev/2004-January/021501.html Based on my read of this, I tried adding the "Manager" proxy role to ProjectSubmission_addForm but this did not help. Any ideas? The add form and the verbose traceback are included below. As I say, all was working fine until a server upgrade so I suspect there is a recent zope feature that I am not handling properly. Thanks, JDH Here is DTML Method ProjectSubmission_addForm <dtml-comment> -*- mode: dtml; dtml-top-element: "body" -*- </dtml-comment> <dtml-var standard_html_header> <dtml-with site_params_py mapping> <form action="ProjectSubmission_add_py" method="post" enctype="multipart/form-data"> <table <dtml-var form_table_params>> <dtml-var "form_table_header_dtml(_.None, _, caption='Enter project submission information', num_columns=2)"> <dtml-comment> <tr> <th <dtml-var form_table_th>>Email</th> <td><input size=50 name="email" value="<dtml-var email>"></td> </tr> </dtml-comment> <tr> <th <dtml-var form_table_th>>Mentor</th> <td><input size=50 name="mentor" value="<dtml-var mentor>"></td> </tr> <tr> <th <dtml-var form_table_th>>Mentor email</th> <td><input size=50 name="mentor_email" value="<dtml-var mentor_email>"></td> </tr> <tr> <th <dtml-var form_table_th>>File</th> <td><input size=60 type="file" name="file_data"></td> </tr> <tr> <th <dtml-var form_table_th>>Title:</th> <td><TEXTAREA WRAP="virtual" NAME="submission_title" ROWS=2 COLS=80 tabindex=1></TEXTAREA></td> </tr> <tr> <th <dtml-var form_table_th>>Synopsis:</th> <td><TEXTAREA WRAP="virtual" NAME="description" ROWS=10 COLS=80 tabindex=1></TEXTAREA></td> </tr> <tr> <th colspan=2 align=center> <input type="submit" value="Upload Submission"></th> </tr> <dtml-comment> Note:hidden must come last, right before the </form> tag </dtml-comment> <input type="hidden" value="<dtml-var project_id>" name="project_id"> <input type="hidden" value="<dtml-var student_id>" name="student_id"> <input type="hidden" value=<dtml-var "REQUEST.get('REMOTE_ADDR')"> name="remote_address" > </form> </table> <br><br> </dtml-with> <br><br> <dtml-var standard_html_footer> Time 2005/06/07 09:54:55 GMT-5 User Name (User Id) student (student) Request URL http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm Exception Type Unauthorized Exception Value You are not allowed to access 'mentor' in this context Traceback (innermost last): * Module ZPublisher.Publish, line 101, in publish * Module ZPublisher.mapply, line 88, in mapply * Module ZPublisher.Publish, line 39, in call_object * Module OFS.DTMLMethod, line 130, in __call__ <DTMLMethod instance at 411fb740> URL: http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/ProjectSubmission_addForm/manage_main Physical Path:/srp/jdh/Sections/S1/J Hunter/ProjectSubmission_addForm * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_With, line 76, in render Unauthorized: You are not allowed to access 'mentor' in this context Display traceback as text REQUEST form student_id 'J Hunter' project_id 'A Proj' cookies tree-s 'eJzTyCkw5NLIKTDiClZ3hANPW3WuAmOuRKCECUjWFEU2EiRrBpY1B8laoMimg2QtwbKGBiBpQ0MkeeMgV5C8oRFXIhiA5I2R5bNDwfImEANMwQaYIRQ4hbnngxWYQw3QAwBNLzCv' __cp 'x%DA%D3%60b%60%60%C8%04b%86hF%20%A1%C1%02%24%8AA%DCbf%10QTP%0C%121200-%E6%03%09d%96%A4%C6%17%24%16%25%E6%16%C7%17T%02%00%D9w%0A%F9' _ZopeId '88234626A13Ni1oME3c' lazy items SESSION <bound method SessionDataManager.getSessionData of <SessionDataManager instance at 411e6ad0>> other URL5 'http://bace.bsd.uchicago.edu/srp/jdh/Sections' URL4 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1' URL7 'http://bace.bsd.uchicago.edu/srp' URL6 'http://bace.bsd.uchicago.edu/srp/jdh' URL3 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter' URL2 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct' URL8 'http://bace.bsd.uchicago.edu' AUTHENTICATED_USER student SERVER_URL 'http://bace.bsd.uchicago.edu' AUTHENTICATION_PATH 'srp/jdh' URL 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm' BASE9 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm' PUBLISHED <DTMLMethod instance at 411fb740> TraversalRequestNameStack [] BASE1 'http://bace.bsd.uchicago.edu' BASE2 'http://bace.bsd.uchicago.edu/srp' BASE3 'http://bace.bsd.uchicago.edu/srp/jdh' BASE4 'http://bace.bsd.uchicago.edu/srp/jdh/Sections' BASE5 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1' BASE6 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter' BASE7 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct' BASE8 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course' URL1 'http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course' URL0 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm URL1 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course URL2 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct URL3 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter URL4 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1 URL5 http://bace.bsd.uchicago.edu/srp/jdh/Sections URL6 http://bace.bsd.uchicago.edu/srp/jdh URL7 http://bace.bsd.uchicago.edu/srp URL8 http://bace.bsd.uchicago.edu BASE0 http://bace.bsd.uchicago.edu BASE1 http://bace.bsd.uchicago.edu BASE2 http://bace.bsd.uchicago.edu/srp BASE3 http://bace.bsd.uchicago.edu/srp/jdh BASE4 http://bace.bsd.uchicago.edu/srp/jdh/Sections BASE5 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1 BASE6 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter BASE7 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct BASE8 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course BASE9 http://bace.bsd.uchicago.edu/srp/jdh/Sections/S1/J%20Hunter/manage_addProduct/Course/ProjectSubmission_addForm environ HTTP_COOKIE 'tree-s="eJzTyCkw5NLIKTDiClZ3hANPW3WuAmOuRKCECUjWFEU2EiRrBpY1B8laoMimg2QtwbKGBiBpQ0MkeeMgV5C8oRFXIhiA5I2R5bNDwfImEANMwQaYIRQ4hbnngxWYQw3QAwBNLzCv"; _ZopeId="88234626A13Ni1oME3c"; __cp="x%DA%D3%60b%60%60%C8%04b%86hF%20%A1%C1%02%24%8AA%DCbf%10QTP%0C%121200-%E6%03%09d%96%A4%C6%17%24%16%25%E6%16%C7%17T%02%00%D9w%0A%F9"' SERVER_SOFTWARE 'Zope/(Zope 2.7.3-0, python 2.3.4, linux2) ZServer/1.1' SCRIPT_NAME '' REQUEST_METHOD 'GET' HTTP_KEEP_ALIVE '300' SERVER_PROTOCOL 'HTTP/1.1' QUERY_STRING 'project_id=A%20Proj&student_id=J%20Hunter' channel.creation_time 1118156005 CONNECTION_TYPE 'keep-alive' HTTP_ACCEPT_CHARSET 'ISO-8859-1,utf-8;q=0.7,*;q=0.7' HTTP_USER_AGENT 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4' HTTP_REFERER 'http://bace.bsd.uchicago.edu/srp/jdh' SERVER_NAME 'render.bsd.uchicago.edu' REMOTE_ADDR '128.135.90.133' PATH_TRANSLATED '/srp/jdh/Sections/S1/J Hunter/manage_addProduct/Course/ProjectSubmission_addForm' SERVER_PORT '80' HTTP_HOST 'bace.bsd.uchicago.edu' HTTP_ACCEPT 'text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5' GATEWAY_INTERFACE 'CGI/1.1' HTTP_ACCEPT_LANGUAGE 'en-us,en;q=0.5' HTTP_ACCEPT_ENCODING 'gzip,deflate' PATH_INFO _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )