>>>>> "Dieter" == Dieter Maurer <[EMAIL PROTECTED]> writes:
Dieter> John Hunter wrote at 2005-6-7 09:52 -0500: >> ... Traceback (innermost last): ... URL: >> http://srp.uchicago.edu/2005/Sections/B1/Amrita%20Arora/ProjectSubmission_addForm/manage_main >> Physical Path:/srp/2005/Sections/B1/Amrita >> Arora/ProjectSubmission_addForm * Module >> DocumentTemplate.DT_String, line 474, in __call__ * Module >> DocumentTemplate.DT_With, line 76, in render >> >> Unauthorized: You are not allowed to access 'mentor' in this >> context Dieter> The "VerboseSecurity" product may give you more detailed Dieter> information. Hi Dieter, I installed VerboseSecurity and now get a more helpful error message in the log (to refresh your memory, this is a pure ZClass based product which stopped working on an upgrade to 2.7). Here is the updated message Exception Type Unauthorized Exception Value The container has no security assertions. Access to 'mentor' of (FactoryDispatcher instance at 40aeafb0) denied. I googled this error message and found this thread, http://www.gossamer-threads.com/lists/zope/users/176379. You responded to the OP > Unauthorized: The container has no security assertions. Access to > 'title_or_id' of (FactoryDispatcher instance at e68510) > denied. (Also, > an error occurred while attempting to render the standard error message.) This is very strange: It is true that a "FactoryDispatcher" ("App.FactoryDispatcher.FactoryDispatcher") does not have security assertions. But usually, it does not have a "title_or_id" either. Therefore, it should not be relevant with respect to "title_or_id" access that it lacks security assertions. Maybe, it is a bug introduced with the security tighening introduced in Zope 2.7.3 (there was some discussion about such a bug in the mailing list (zope-dev, I think)). You can try to add a "__role__ = None" and maybe a "__allow_access_to_unprotected_subobjects__ = 1" to the "FactoryDispatcher" class (--> "App/FactoryDispatcher.py") to see whether the problem disappears. These two attributes will provide security assertions for the factory. Your "header/manage_main" DTML Method seems a bit strange, too. Why does it use a "dtml-in" and in it a "dtml-with" and in it access to "title_or_id". This is somewhat unexpected in the add form of a ZClass. But there was no followup. Before I start hacking App/FactoryDispatcher.py, I wanted to check in here and see if there was a resolution to this problem, if this is a known bug with a fix, etc. Thanks! JDH _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )