I am in the process of upgrading from zope 2.5.1 (yes very old) I used to use the following set up. Prototypically I had the following chain of folders and methods: f1 (folder) f1_index (dtmlmethod) f11 (folder) acl_users (user folder) f111 folder index_html (calling f1_index) I used f1 to place methods and scripts to be acquired by methods in f111. At the level of f1 I defined local roles, disabled the acquisition of the view permission and added that permission on the same level again to existing roles including the local roles except Anonymous. F11 contained a user folder populated with accounts with with local roles defined in f1. The url www.domain.nl/f1/f11/f111 would render the content of f1_index after logging in with an account from acl_users in f11 (basic authentication), that is at least up to zope 2.7.3. At least from 2.7.8. on this very same user is not allowed to access f1_index anymore. I could solve the problem by moving the user folder from f11 to f1, but actually I have also f12, f13, f14, and so on, each with its distinct group of users. The setup described enabled me to remove folders at the second level when they are not needed any more including the whole group of users involved. Furthermore, though the second level folders share a group of methods, some were also specific for specific groups. Another option would be to disable the acquisition of the view permission not on the f1 level, but on the f11 level. However, in that case the url www.domain.nl/f1 would acquire the index_html from the root folder in stead of disallowing access. Apparently I have to change my habits. But how do I come near to my use case?
The error message is most verbose in 2.8.4 and reads: Traceback (innermost last): Module ZPublisher.Publish, line 113, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module OFS.DTMLMethod, line 144, in __call__ - <DTMLMethod at /f1/f11/f111/index_html> - URL: http://localhost:8080/f1/f11/f111/index_html/manage_main - Physical Path: /f1/f11/f111/index_html Module DocumentTemplate.DT_String, line 476, in __call__ Module AccessControl.ImplPython, line 184, in guarded_getattr Module AccessControl.ImplPython, line 693, in guarded_getattr Module AccessControl.ImplPython, line 635, in aq_validate Module AccessControl.ImplPython, line 529, in validate Module AccessControl.ImplPython, line 449, in validate Module AccessControl.ImplPython, line 774, in raiseVerbose Unauthorized: Your user account is defined outside the context of the object being accessed. Access to 'f1_index' of (Folder at /f1), acquired through (Folder at /f1/f11/f111), denied. Your user account, user1, exists at /f1/f11/acl_users. Access requires one of the following roles: ['Authenticated', 'Manager', 'Owner', 'student'].
f1.zexp
Description: Binary data
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )