In article <[EMAIL PROTECTED]>,
Brenda Bell <[EMAIL PROTECTED]>
> What I can't seem to do is get the permissions right such that a user in
> the Editor role can add new External Files.
> I've checked every box on the Security tab for the Editor role. Users
> in the Editor role can view and modify existing ExternalFile's but still
> cannot add new ones.
I enabled VerboseSecurity and I see this in my console window when I try
to add an ExternalFile when logged in as a user who is assigned the
2008-05-13 13:12:55 ERROR Zope.SiteErrorLog
Traceback (innermost last):
Module ZPublisher.Publish, line 110, in publish
Module ZPublisher.BaseRequest, line 596, in traverse
Module ZPublisher.HTTPResponse, line 713, in unauthorized
Unauthorized: <strong>You are not authorized to access this
No Authorization header found.</p>
A loop in BaseRequest seems to be falling through a loop that's
dependent on ''__allow_groups__''.
I've tried adding a group, assigning the Editor role to the group and
making my user a member of the group. But I still get the same error.
What am I missing?
> I thought maybe the problem had to do with permissions on the
> ExternalFile product itself, but when reading the description on the
> Define Permissions tab I couldn't really figure out what it was trying
> to say:
> "The first column below lists the permissions for this object. The
> second specifies the permissions that should have this permission in
> this product or ZClass. For ZClass methods, only permissions that are
> defined for the ZClass are permitted.
> In general, any permissions that include operations that change (mutate)
> an object should be disabled."
> What exactly does this mean?
> More to the point: What permissions do I need to assign to my Editor
> role so users can add External Files?
> Zope maillist - Zope@zope.org
> ** No cross posts or HTML encoding! **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-dev )
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -