John Hunter wrote at 2005-6-7 09:52 -0500:
>Traceback (innermost last):
> Physical Path:/srp/2005/Sections/B1/Amrita
> * Module DocumentTemplate.DT_String, line 474, in __call__
> * Module DocumentTemplate.DT_With, line 76, in render
>Unauthorized: You are not allowed to access 'mentor' in this context
The "VerboseSecurity" product may give you more detailed information.
I usually analyse such problems in an interactive Python interpreter.
Under *nix, you start it with "bin/zopectl debug" (for Windows,
a "*.bat" file has been posted --> mailing list archive).
You login in the interactive Python interpreter with
UF = app.acl_users # or some other user folder
u = UF.getUser('your_user') # what user you want)
from AccessControl.SecurityManagement import newSecurityUser
# "u" is now logged in
You can check whether Zope thinks the current user can
access attribute "a" with value "v" from container "c" with
from AccessControl import getSecurityManager as gSM;
sm = gSM() # the security manager
sm.validate(c, c, a, v)
It will return "1" for access allowed, or 0 or an "Unauthorized"
exception (do not ask why) for access denied.
For attributes without their own security declarations (such
as properties), "validate" will consult "c.__roles__" (the
roles allowed to access "c")
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -