John Hunter wrote at 2005-6-7 09:52 -0500:
> ...
>Traceback (innermost last):
> ...
>      URL: 
> http://srp.uchicago.edu/2005/Sections/B1/Amrita%20Arora/ProjectSubmission_addForm/manage_main
>      Physical Path:/srp/2005/Sections/B1/Amrita 
> Arora/ProjectSubmission_addForm
>    * Module DocumentTemplate.DT_String, line 474, in __call__
>    * Module DocumentTemplate.DT_With, line 76, in render
>
>Unauthorized: You are not allowed to access 'mentor' in this context

The "VerboseSecurity" product may give you more detailed information.

I usually analyse such problems in an interactive Python interpreter.
Under *nix, you start it with "bin/zopectl debug" (for Windows,
a "*.bat" file has been posted --> mailing list archive).

You login in the interactive Python interpreter with

    UF = app.acl_users # or some other user folder
    u = UF.getUser('your_user') # what user you want)
    from AccessControl.SecurityManagement import newSecurityUser
    newSecurityUser(None, u.__of__UF)
    # "u" is now logged in

You can check whether Zope thinks the current user can
access attribute "a" with value "v" from container "c" with

    from AccessControl import getSecurityManager as gSM;
    sm = gSM() # the security manager
    sm.validate(c, c, a, v)

It will return "1" for access allowed, or 0 or an "Unauthorized"
exception (do not ask why) for access denied.

For attributes without their own security declarations (such
as properties), "validate" will consult "c.__roles__" (the
roles allowed to access "c")
and "c.__allow_access_to_unprotected_subobjects__".

-- 
Dieter
_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to