[ZPatterns] Can't set proxy roles for SkinScript
Rob Miller
ra@burningman.com
Tue, 7 Jan 2003 19:48:48 -0800
On Tuesday, January 7, 2003, at 05:37 PM, Itai Tavor wrote:
> Hi,
>
> In Zope 2.5.1 with ZPatterns 0.4.3p2 (TransactionAgents 5), trying to
> set the Manager proxy role on a SkinScript results in:
>
> You are not authorized to change ... because you do not have proxy
> roles.
>
> I thought we left this kind of nonsense behind a long time ago. What's
> happening?
this is just zope enforcing its security model, no nonsense about it.
a user is not allowed to assign a proxy role to an object unless the
user has that role himself. this catches people off guard when they're
logged in as a Manager, and then they try to specify a proxy role of,
say, Member, to some page template or python script (or skinscript ;-).
zope will deny this action until the Manager user explicitly adds the
Member role to his user object.
> Also, in a SkinScript that catalogs changed objects, I tried to avoid
> the need for the proxy role by giving my user role the "Manage
> ZCatalog Entries" permission, which is the one protecting
> uncatalog_object in ZCatalog, but I still get an access error on
> uncatalog_object in:
>
> WHEN OBJECT CHANGED CALL
> Catalog.uncatalog_object(_.string.join(self.getPhysicalPath(),'/')),
> Catalog.catalog_object(self,
> _.string.join(self.getPhysicalPath(),'/'))
>
> Can anyone think of a reason why the permission settings are being
> ignored?
this one i can't answer. i'm as curious as you are, actually... i've
always resorted to proxy roles, myself, as you tried to do.
-r