Bump -- still hoping for some insight into this issue. Thanks.
-David Hostetler On Thu, Jun 18, 2009 at 18:16, David Hostetler <[email protected]>wrote: > When I add one group as a member of another (through plone, via the groups > overview in site setup), that relationship isn't displayed when I view the > members of the parent group. And yet if I look in acl_users/source_groups > in the ZMI, I see the nested group membership correctly. But when I try to > exercise some permission that would be afforded by the nested group > membership, it acts as though the relationship doesn't exist. > > I.e.: JoeUser is a member of GroupChild. GroupChild was added as a member > of GroupParent. GroupParent is assigned, say, the Editor role. When logged > in as JoeUser, I can't do things that I should be able to do, afforded to me > via my indirect membership in GroupParent. > > I know everything else is wired up right, because if I just assign > GroupChild the same role, then all works as expected. Similarly, if I just > give GroupParent the role, but then explicitly put JoeUser in GroupParent, > all works as expected. > > So despite the description in the groups overview UI, adding one group to > another seemingly doesn't work at all. Some of the underlying zope > machinery seems to make note of the relationship, but Plone is oblivious to > it. > > Note that I also didn't see anything that looked like an error or warning > or anything in the logs when doing this. > > If I don't filter Unauthorized errors, I see this: > > Unauthorized: Your user account does not have the required permission. > Access to 'Title' of (ATDocument at /Plone/index) denied. Your user account, > testuser, exists at /Plone/acl_users. Access requires one of the following > roles: ['Contributor', 'Editor', 'Manager', 'Owner', 'Reader']. Your roles > in this context are ['Authenticated', 'Member']. > > The user should have the 'Editor' role in that context. Plone clearly is > not exercising the nested indirection of group memberships. > > > regards, > > > -David Hostetler >
_______________________________________________ Setup mailing list [email protected] http://lists.plone.org/mailman/listinfo/setup
