RE: [Zope] new 2.2.4 security/role bug ?? (ZCatalog related ??)

2000-12-18 Thread Brian Lloyd

> The second weird thing (should help for a diagnostic) is :
> 
> While I have the "manager" role (I can do whatever I want on the manage 
> interface), I tried to give a proxy role to my test method, to 
> see if I could investigate further. 
> And trying to change the proxy role raised an exception, despite 
> the fact I have manager role with full authorizations.

Didier - 

Note that 'Manager' does not automatically give you "full 
authorization". It is only a convention that Manager often 
has all permissions. 

This is important, because in Zope 2.2, you can't give a 
proxy role unless you have *that role* yourself. For example, 
you can't give the proxy role "Editor" to a DTMLMethod unless 
you have it yourself (this is true even if you have the "Manager"
role). The quick fix here is that you need to give yourself
the roles you want to set as proxy roles, and then you will be 
allowed to set them.

Brian Lloyd        [EMAIL PROTECTED]
Software Engineer  540.371.6909  
Digital Creations  http://www.digicool.com 



___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )
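
A simplified Python model of the rule described in the reply above, added here as an example; it is not Zope's own code. The function names, user names and role tables are constructed, and counting local roles toward the roles a user holds is an assumption of the model.

```python
"""Simplified model of the proxy-role rule; not Zope source code."""

class Forbidden(Exception):
    """Raised when a proxy-role change is refused."""

def effective_roles(user, global_roles, local_roles):
    # Assumption of this model: roles held in the object's context are the
    # user's global roles plus any local roles granted on that object.
    return set(global_roles.get(user, ())) | set(local_roles.get(user, ()))

def validate_proxy(user, requested, global_roles, local_roles,
                   obj_id="test_latest"):
    """Permit the change only if the user holds every requested role."""
    held = effective_roles(user, global_roles, local_roles)
    missing = sorted(r for r in requested if r and r not in held)
    if missing:
        # Holding "Manager" is not a wildcard: each role is checked by name.
        raise Forbidden("You are not authorized to change %s because you do "
                        "not have proxy roles (missing: %s)."
                        % (obj_id, ", ".join(missing)))
    return sorted(set(requested) & held)

def can_set(user, requested, global_roles, local_roles):
    """Boolean wrapper around validate_proxy for quick checks."""
    try:
        validate_proxy(user, requested, global_roles, local_roles)
        return True
    except Forbidden:
        return False

# Constructed sample data: one Manager-only account, one with extra roles.
GLOBAL_ROLES = {"didier": ["Manager"], "admin": ["Manager", "Editor"]}
LOCAL_ROLES = {"didier": ["Reviewer"]}   # granted on this object only

if __name__ == "__main__":
    for user, roles in [("didier", ["Editor"]), ("didier", ["Manager"]),
                        ("didier", ["Reviewer"]), ("admin", ["Editor"])]:
        print(user, roles, can_set(user, roles, GLOBAL_ROLES, LOCAL_ROLES))
```

In this model the Manager-only account is refused "Editor" and is allowed the change once that role is added to its own role list, which matches the quick fix given in the reply.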




RE: [Zope] new 2.2.4 security/role bug ?? (ZCatalog related ??)

2000-12-18 Thread Didier Georgieff

Brian,

On 18 Dec 2000, at 11:54, Brian Lloyd wrote:

> Note that 'Manager' does not automatically give you "full 
> authorization". It is only a convention that Manager often 
> has all permissions. 
> This is important, because in Zope 2.2, you can't give a 
> proxy role unless you have *that role* yourself. 

OK. So if I understand correctly, I need to create a user with manager AND 
ALL the roles so I'll be able to set any proxy role with that user.
Thanks for the explanation.

So I guess my other weird problem with not accessing objects via the 
catalog and accessing them directly has something to do with some new 
security feature in 2.2 I didn't understand?
But I can't figure out which one, even after carefully re-reading the Zope book.

Anyway, thanks for your clear explanation.

Regards.
--
Didier Georgieff
DDAF du Bas-Rhin - Cellule SIG 
2, rue des Mineurs 67070 Strasbourg Cedex
tél : 03.88.25.20.33 - fax : 03.88.25.20.01
email : [EMAIL PROTECTED]
SIT du Bas-Rhin : http://www.bas-rhin.sit.gouv.fr
GéoWeb http://sertit10.u-strasbg.fr





[Zope] new 2.2.4 security/role bug ?? (ZCatalog related ??)

2000-12-18 Thread Didier Georgieff

Hello,

I'm experiencing some really weird and annoying things since I upgraded 
to 2.2.4 with 12-08 and even with 12-15a hotfix (seems to be ok in 2.2.2).

I can access all objects directly (URL) with no problem (according to 
the roles and the local roles; this is OK).

For some of those objects (seems to be all the ones I've added in 2.2.4 in 
folders with local roles) I can't access the objects (an exception is raised) 
while in the context of the catalog (those objects are Catalog Aware via the 
Yihaw product).

I pared the method down to this minimal test method, which still raises the 
exception:


  

  


I have a workaround with a  but I miss all the objects, while they 
are fully reachable directly via their URL.

The problem seems to be with objects with local roles (anonymous has no 
view, no access content, and other roles have these authorizations via local 
roles).

The second weird thing (should help for a diagnostic) is :

While I have the "manager" role (I can do whatever I want on the manage 
interface), I tried to give a proxy role to my test method, to see if I could 
investigate further. 
And trying to change the proxy role raised an exception, despite the fact I 
have manager role with full authorizations.

This last thing makes me think it is an acquisition/role/security bug.

Any idea/solution? Because we officially open tomorrow morning, and I'm in 
a deep well embarrassed ;-))

===> This is the FIRST traceback.
Zope Error

 Zope has encountered an error while publishing this resource. 

 Unauthorized

 You are not authorized to access title_or_id. 

 Traceback (innermost last):
   File /home/georgieff/Zope-2.2.2-
src/lib/python/ZPublisher/Publish.py, line 222, in publish_module
   File /home/georgieff/Zope-2.2.2-
src/lib/python/ZPublisher/Publish.py, line 187, in publish
   File /home/georgieff/Zope-2.2.2-
src/lib/python/ZPublisher/Publish.py, line 171, in publish
   File /home/georgieff/Zope-2.2.2-
src/lib/python/ZPublisher/mapply.py, line 160, in mapply
 (Object: test_latest)
   File /home/georgieff/Zope-2.2.2-
src/lib/python/ZPublisher/Publish.py, line 112, in call_object
 (Object: test_latest)
   File /home/georgieff/Zope-2.2.2-
src/lib/python/OFS/DTMLMethod.py, line 172, in __call__
 (Object: test_latest)
   File /home/georgieff/Zope-2.2.2-
src/lib/python/DocumentTemplate/DT_String.py, line 528, in __call__
 (Object: test_latest)
   File /home/georgieff/Zope-2.2.2-
src/lib/python/DocumentTemplate/DT_In.py, line 611, in renderwb
 (Object: Catalog(bobobase_modification_time=ZopeTime()-14,
   bobobase_modification_time_usage='range:min',
   sort_on='bobobase_modification_time',
   sort_order='reverse'))
   File /home/georgieff/Zope-2.2.2-
src/lib/python/DocumentTemplate/DT_With.py, line 146, in render
 (Object: Catalog.getobject(data_record_id_))
   File /home/georgieff/Zope-2.2.2-
src/lib/python/OFS/DTMLMethod.py, line 194, in validate
 (Object: test_latest)
   File /home/georgieff/Zope-2.2.2-
src/lib/python/AccessControl/SecurityManager.py, line 139, in validate
   File /home/georgieff/Zope-2.2.2-
src/lib/python/AccessControl/ZopeSecurityPolicy.py, line 209, in validate
 Unauthorized: (see above)


===> This is the SECOND traceback.

Zope Error

  Zope has encountered an error while publishing this resource. 

  Forbidden

  You are not authorized to change test_latest because you do not have 
proxy roles. 

  Traceback (innermost last):
File /home/georgieff/Zope-2.2.2-src/lib/python/ZPublisher/Publish.py, 
line 222, in publish_module
File /home/georgieff/Zope-2.2.2-src/lib/python/ZPublisher/Publish.py, 
line 187, in publish
File /home/georgieff/Zope-2.2.2-src/lib/python/Zope/__init__.py, line 
221, in zpublisher_exception_hook
  (Object: test_latest)
File /home/georgieff/Zope-2.2.2-src/lib/python/ZPublisher/Publish.py, 
line 171, in publish
File /home/georgieff/Zope-2.2.2-src/lib/python/ZPublisher/mapply.py, 
line 160, in mapply
  (Object: manage_proxy)
File /home/georgieff/Zope-2.2.2-src/lib/python/ZPublisher/Publish.py, 
line 112, in call_object
  (Object: manage_proxy)
File /home/georgieff/Zope-2.2.2-src/lib/python/OFS/DTMLMethod.py, 
line 278, in manage_proxy
  (Object: test_latest)
File /home/georgieff/Zope-2.2.2-src/lib/python/OFS/DTMLMethod.py, 
line 271, in _validateProxy
  (Object: test_latest)
  Forbidden: (see above)


--
Didier Georgieff
DDAF du Bas-Rhin - Cellule SIG 
2, rue des Mineurs 67070 Strasbourg Cedex
tél : 03.88.25.20.33 - fax : 03.88.25.20.01
email : [EMAIL PROTECTED]
SIT du Bas-Rhin : http://www.bas-rhin.sit.gouv.fr
GéoWeb http://sertit10.u-strasbg.fr