On Saturday 03 December 2005 01:30, Andrew Milton wrote:
> +-------[ Gaute Amundsen ]----------------------
> | > Since your index_html and docLogin both seem to require permissions to
> | > view,
> |
> | No, no, and NO again. docLogin does NOT require permission.
> | I can access it without problem. If I could not this would probably be a
> | simple problem, and I would not be posting to the list.
> |
> | > I would check to make sure that your 'header' and 'footer' items
> | > aren't doing something restricted.
> | >
> | > If you're using DTML, then I'd check that standard_html_header and
> | > standard_html_footer.
> | >
> | > Make sure that in addition to the 'View' permission that also the
> | > 'Access Contents information' permissions are set for Anonymous
> | > on headers, footers and docLogin (and index_html if required).
> |
> | I am sorry, but I have been down that path numerous times, and it is all
> | in order.
> |
> | I remove 'view' permission for anonymous from a folder or index.html file
> | way below acl_users, and I get the described problem when I try to access
> | it. I restore that permission, and everything displays properly.
> | If I go to acl_users/docLogin directly, I can log in with cookies, and
> | everything works fine. I believe that neatly eliminates the concerns you
> | raise here.
> Not really d8) The primary cause for getting a Basic Auth Pop is because
> your login form is attempting to do something that an Anonymous user
> doesn't have permission to do. 

So if I have /foo/bar/baf/, and baf/ is protected, but I can
view /foo/acl_users/docLogin, you think that docLogin still could be trying 
to touch something restricted? 

Upgraded to 0_20_1 now, but still the same behavior.
When I create an index.html inside acl_users it displays without complaint as 
I created a new acl_users from scratch, but no difference.

> There's another acl_users between 
> exUserFolder and the content item (so it's getting the wrong user folder,
> unlikely in this case), or you have an item in  your page, header, or
> footer that is duplicated at a lower level that has permissions missing..

You mean that /foo/bar/baf/index.html refers to /image.jpg which is 
outside /foo/acl_users/ "jurisdiction", and that triggers the Basic Auth Pop, 
after login succeeded and redirected to /foo/bar/baf/index.html?

But if I remove the protection on baf/ and /foo/bar/baf/index.html then does 
not trigger the B.A. pop, how could that be? 
I suppose /image.jpg could be restricted for authenticated users, but not for 
anonymous, but that seems rather farfetched, and would not the error message 
indicate that?

> E.g /a/b/c/docLogin  works fine, but, /a/b/c/d/e/docLogin doesn't because
> something at /a/b/c/d or lower is locked for Anon users, but, isn't at
> /a/b/c

In my terms: that image.jpg exists both at / and at /foo/bar/baf/, and that 
the last one is restricted beyond what I have access to even after having 
been successfully logged in via /foo/acl_users/?

> Does that make sense ?

Sort of :)

"successful login makes acquisition pick up something that is still 
restricted, and this triggers a B.A. pop before anything is displayed"
Is that about it?

Only it is slightly beside the point since my problem is not after login, but 
before. In other words that given /foo/bar/baf/index.html with baf/ 
restricted and the nearest UF at /foo/acl_users/, when I 
try /foo/bar/baf/index.html, I do not get redirected 
to /foo/acl_users/docLogin, but get the B.A. pop.

I suppose something in the redirect part could be triggering the ba pop, sort 
of "on the way" to /foo/acl_users/docLogin.

There is one indication something like this is afoot, and that is that after
I enabled debug messages after upgrading, the log reports two times in a row:
DEBUG(-200) exUserFolder identify returned None, None
with exactly the same timestamp.

I will look into this now..

> | I was hoping it would be a product that many would be familiar with, and
> | that as such it would be a good reference point to grapple with the more
> | general principles. Nothing beats assistance from the author of course,
> | but please don't insist on treating this as a newbie question :)
> Maybe if you saw my INBOX you'd understand d8)

Well, I can imagine :)
These are not easy matters to write clearly and simply about, but I hope this
is better.

Thanks for your patience :)


-- -----------------------------------------------------------------
  Gaute Amundsen               "Technology today is the campfire
  [EMAIL PROTECTED]               around which we tell our stories.
                                          There's this attraction to light
                                          and to this kind of power, which is
                                           both warm and destructive."

                                               Laurie Anderson