I'm trying to access the getProperty() method of the LDAPUser class in a Python script, in order to access the Active Directory email address of the user.

There is no problem with this, if I use the method on the current active user. However, it doesn't work when I attempt to use the method on another property.

The output of VerboseSecurity is:

*Error Type: Unauthorized*
*Error Value: Your user account does not have the required permission. Access to 'getProperty' of nwuser denied. Your user account, abuser, exists at /acl_users. Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous', 'Authenticated', 'User'].*

It appears that the currently authenticated used has the 'View' permission (required to use getProperty) on itself, but not for other users. I'm not sure how to change this.

In order to get around this problem, I've tried giving the script a Proxy role of Manager. However, when I do this, i get the following output from VerboseSecurity:

*Error Type: Unauthorized*
*Error Value: The owner of the executing script is defined outside the context of the object being accessed. The script has proxy roles, but they do not apply in this context.. Access to 'getProperty' of nwuser denied. Access requires one of the following roles: ['Manager']. The executing script is (PythonScript at /DCARF/Forms/initialContact/initialContact), owned by admin1.

I'm not sure why this is occurring. Giving the script a proxy role of Manager should get around the first problem, but I'm not sure why it doesn't.

Any ideas what is causing this?

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to