----- Original Message ----- From: "Dieter Maurer" <[EMAIL PROTECTED]> To: "Kees de Brabander" <[EMAIL PROTECTED]> Cc: <zope@zope.org> Sent: Thursday, December 15, 2005 5:54 PM Subject: Re: [Zope] user account defined outside context of object being accessed
> Kees de Brabander wrote at 2005-12-13 22:40 +0100: > > ... > > Module AccessControl.ImplPython, line 449, in validate > > Module AccessControl.ImplPython, line 774, in raiseVerbose > >Unauthorized: Your user account is defined outside the context of the object > >being accessed. Access to 'f1_index' of (Folder at /f1), acquired through > >(Folder at /f1/f11/f111), denied. Your user account, user1, exists at > >/f1/f11/acl_users. Access requires one of the following roles: > >['Authenticated', 'Manager', 'Owner', 'student']. > > A user defined in "/f1/f11/acl_users" tries to access the protected > "/f1/f1_index". This is not allowed by Zope security system: > a user defined in a user folder can only access protected objects > "governed" by this user folder. > > In your case, all objects at or below "/f1/f11" is governed by > your user folder ("/f1/f11/acl_users"). "/f1/f1_index" does not lie > within this hierarchy and is therefore not governed. I am painfully aware now that this is the case, at least starting from zope 2.7.8. I have not tested all versions of zope, but at least up to 2.7.3 zope had no problem with such a set up. _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )