Joerg Baach wrote at 2008-2-25 19:45 +0000:
>I am trying to have a folderish object that acquires from a user object
>(ldapuserfolder). It should have its own properties and contents, but
>fall back to the ones of the ldap user.
>I have created an object, extending Folder, and it behaves nicely in
>zopectl debug. When I try to access it through e.g. a python script I
>Error Type: Unauthorized
>Error Value: Unable to find __roles__ in the container and the container
>is not wrapped. Access to 'dn' of test, acquired through (LDAPProxy at
When you access attribute "x" (with value "xv") on object "o",
Zope will first check whether "xv" has security declarations (more
precisely, a "__roles__" attribute). If it has, they are used.
Otherwise, Zope checks for "o.x__roles__". If found, they are used.
Otherwise, "o.__roles__" may be examined (under some circumstances).
Note that for most security declarations,
"o" needs to be fully acquisition wrapped.
Otherwise, there may be two problems:
* Zope cannot find the information to map permissions to roles
(as this mapping is defined on the acquisition path leading
to the root)
* "o" does is not "covered" by the user folder which
has identified the current user.
A user has only special roles on objects "covered" by
its user folder.
A object is "covered" by a user folder, when the object
lies in the subtree rooted in the user folder's container.
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -