[ZPatterns] authorisation problem

Joachim Schmitz js@aixtraware.de
Fri, 2 Nov 2001 17:33:48 +0100 (CET)


On Fri, 2 Nov 2001, Roché Compaan wrote:

>
> > but when I access mySitefolder/folder1 as Anonymous, the normal root
> > authentication box pops up, when I click cancel the debug-info,- thanks to
> > ZDebug - tells me that mySitefolder/index_html is not allowed to access
> > content.
>
> I have a feeling this is not a LoginManager issue and might be caused
> by ownership or proxy configurations.
>
> I presume mySiteFolder/index_html references standard_html_header and
> footer.  What are the "Ownership" and "Proxy" details of your standard
> header and footer?  Does mySitefolder/folder1/content use the same
> header and footer?
>

I first thought so to, but I tested the same setup with the standart
acl_user-folder. That works as exspected.
Also when I copy the index_html into folder1, it also works correct.

I can debug it to the point, that it reaches the lines

   # And if anonymous doesn't work (or forbiddenPage
   # doesn't make a fuss), then make 'em log in!
   # (or fall back to higher level user folders)
     if hasattr(self,'loginForm') and \
         response.unauthorized.__name__=='unauthorized':

         def lm_unauth(lm=self,request=request,roles=roles,old=response.unauthorized
            lm.loginForm(lm, request, needroles=roles)
            old()

         response.unauthorized = lm_unauth

in LoginManager.validate() and it calling the lm_unauth method, but the
needed roles, there are the roles of the index_html method and not the more
restricted ones of the folder1.




Mit freundlichen Grüßen

Joachim Schmitz

AixtraWare, Ing. Büro für Internetanwendungen
Hüsgenstr. 33a, D-52457 Aldenhoven
Telefon: +49-2464-8851, FAX: +49-2464-905163