I have an external method that contains:

threadFolder = self.unrestrictedTraverse(topFolder + forumId + '/' + threadId, None) threadFolder.manage_changeProperties({'viewCount': threadFolder.viewCount+1})

When this external method is invoked (via an 'Anonymous' user invoking a dtml method) I get the following authentication error:

Traceback (innermost last):
 Module ZPublisher.Publish, line 115, in publish
 Module ZPublisher.mapply, line 88, in mapply
 Module ZPublisher.Publish, line 41, in call_object
 Module OFS.DTMLMethod, line 144, in __call__
  - <DTMLMethod at /Playwiser/WUI/ViewPublicThread>
  - URL: http://new.playwiser.com/ViewPublicThread/manage_main
  - Physical Path: /Playwiser/WUI/ViewPublicThread
 Module DocumentTemplate.DT_String, line 476, in __call__
 Module DocumentTemplate.DT_Let, line 75, in render
 Module DocumentTemplate.DT_Util, line 196, in eval
  - __traceback_info__: document_id
 Module <string>, line 1, in <expression>
 Module Products.ExternalMethod.ExternalMethod, line 232, in __call__
  - __traceback_info__: (('ViewPublicThread',), {}, None)
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 705, in ProcessControl
 Module <string>, line 1, in ?
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 6212, in subViewPublicThread Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 3228, in IncrementViewCount
 Module OFS.PropertyManager, line 320, in manage_changeProperties
 Module Shared.DC.Scripts.Bindings, line 311, in __call__
 Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
 Module App.special_dtml, line 175, in _exec
 Module Shared.DC.Scripts.Bindings, line 182, in __getattr__
 Module AccessControl.ImplPython, line 563, in validate
 Module AccessControl.ImplPython, line 461, in validate
 Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission. Access to 'manage_page_header' of (BTreeFolder2 at /Playwiser/PublicForums/0000000000/0000000000) denied. Your user account, Anonymous User, exists at /acl_users. Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous'].

I was under the impression that code in external methods runs as 'trusted' and does not incur normal Zope security checks.

Is this error being generated because the external method was invoked by a DTML method or is there some other factor that I am unaware of?


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to