I'm making some changes to an existing Zope setup. The original author has moved on, and I don't have previous experience with Zope: so the setup is relatively well-designed, but I don't really know the low-level basics well. It's some version of Zope 2 (I'm not sure how to get exact version information.)

The problem is this: we have an existing web site that works well. I'd like to create a few pages that are private, accessible only by a list of authorized users. So I created a new directory, and added some users to the acl_users folder. Then on the security page for this directory, I unchecked all the "acquire permission settings" boxes, and checked every permission for the class of user I created. (Later I'll reduce the list, but for now they have everything.)

But they still get permission failures when they try to do anything. The log shows the error:

        You are not allowed to access 'pythonMethods' in this context

I have several directories with that name on different parts of the site, so it's not completely clear to me which one I'm not allowed to access. The error log shows this traceback:

Traceback (innermost last):

    * Module ZPublisher.Publish, line 98, in publish
    * Module ZPublisher.mapply, line 88, in mapply
    * Module ZPublisher.Publish, line 39, in call_object
    * Module OFS.DTMLDocument, line 133, in __call__
      <DTMLDocument instance at bfa00e0>
      URL: http://xxxxxxx/test/edit/manage_main
      Physical Path:/xxx/test/edit
    * Module DocumentTemplate.DT_String, line 474, in __call__
    * Module DocumentTemplate.DT_Util, line 195, in eval
      __traceback_info__: pythonMethods
    * Module OFS.DTMLMethod, line 152, in validate

Unauthorized: You are not allowed to access 'pythonMethods' in this context

(I've xx'd out the URL because I'm pretty sure I haven't got the security setup right.)

The test/edit page is a DTML document, which contains this line

<dtml-var "pythonMethods.displayheader(id())">

but I'm not certain this is the line that triggers the error.

My questions:
1.  Are there simple examples of this kind of security setup somewhere?
2.  How do I diagnose what's going wrong?

Duncan Murdoch

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to