In article <[EMAIL PROTECTED]>, Brenda Bell <[EMAIL PROTECTED]> wrote:
> What I can't seem to do is get the permissions right such that a user in > the Editor role can add new External Files. > > I've checked every box on the Security tab for the Editor role. Users > in the Editor role can view and modify existing ExternalFile's but still > cannot add new ones. > I enabled VerboseSecurity and I see this in my console window when I try to add an ExternalFile when logged in as a user who is assigned the Editor role: 2008-05-13 13:12:55 ERROR Zope.SiteErrorLog http://localhost:8090/foo/manage_addProduct/ExternalFile/manage_addObject ViaGui Traceback (innermost last): Module ZPublisher.Publish, line 110, in publish Module ZPublisher.BaseRequest, line 596, in traverse Module ZPublisher.HTTPResponse, line 713, in unauthorized Unauthorized: <strong>You are not authorized to access this resource.</strong><p> No Authorization header found.</p> A loop in BaseRequest seems to be falling through a loop that's dependent on ''__allow_groups__''. I've tried adding a group, assigning the Editor role to the group and making my user a member of the group. But I still get the same error. What am I missing? > I thought maybe the problem had to do with permissions on the > ExternalFile product itself, but when reading the description on the > Define Permissions tab I couldn't really figure out what it was trying > to say: > > "The first column below lists the permissions for this object. The > second specifies the permissions that should have this permission in > this product or ZClass. For ZClass methods, only permissions that are > defined for the ZClass are permitted. > In general, any permissions that include operations that change (mutate) > an object should be disabled." > > What exactly does this mean? > > More to the point: What permissions do I need to assign to my Editor > role so users can add External Files? > > _______________________________________________ > Zope maillist - [email protected] > http://mail.zope.org/mailman/listinfo/zope > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope-dev ) _______________________________________________ Zope maillist - [email protected] http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
