I have some "trusted code" (an external method) which is doing a ZCatalog search:

sRes = targetFolder.Catalog({'PrincipiaSearchSource' : self.REQUEST['searchText']})

But this is causing the following error:

Traceback (innermost last):
 Module ZPublisher.Publish, line 115, in publish
 Module ZPublisher.mapply, line 88, in mapply
 Module ZPublisher.Publish, line 41, in call_object
 Module OFS.DTMLMethod, line 144, in __call__
  - <DTMLMethod at /Playwiser/WUI/SearchPublicPosts>
  - Physical Path: /Playwiser/WUI/SearchPublicPosts
 Module DocumentTemplate.DT_String, line 476, in __call__
 Module DocumentTemplate.DT_Let, line 75, in render
 Module DocumentTemplate.DT_Util, line 196, in eval
  - __traceback_info__: document_id
 Module <string>, line 1, in <expression>
 Module Products.ExternalMethod.ExternalMethod, line 232, in __call__
  - __traceback_info__: (('SearchPublicPosts',), {}, None)
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 718, in ProcessControl
 Module <string>, line 1, in ?
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 6819, in subSearchPublicPosts
 Module Products.ZCatalog.CatalogBrains, line 86, in getObject
 Module OFS.Traversable, line 238, in restrictedTraverse
 Module OFS.Traversable, line 209, in unrestrictedTraverse
  - __traceback_info__: ([], '0000000001')
 Module AccessControl.ImplPython, line 563, in validate
 Module AccessControl.ImplPython, line 461, in validate
 Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission. Access to '0000000001' of (BTreeFolder2 at /Playwiser/PublicForums/0000000000/0000000000) denied. Your user account, Anonymous User, exists at /acl_users. Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous'].

This error is being generated because the containing folders ( /Playwiser/PublicForums/0000000000/0000000000) require 'Manager' privileges to access and the external method is being run from an 'Anonymous' method.

I do not want users to be able to access the folders or content directly (hence the 'Manager' restrictions), I only want users to access the content of these folders via the external method routines (so that I can control inputs, searching and display).

The problem code in CatalogBrains.py is:

line 60:     def getObject(self, REQUEST=None):
line 85:         try:
line 86:            target = parent.restrictedTraverse(path[-1])
line 87:        except ConflictError:
line 88:            raise

Is there any way to get Zope to treat my external method as if it had 'Manager' access privilege so that the restrictedTraverse call doesn't generate the "Unauthorized" error? (ie. in python scripts you can set a proxy role, but I don't know of anything similar for external methods).

Any and all ideas appreciated!


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to