Joerg Baach wrote at 2008-2-25 19:45 +0000:
> ...
>I am trying to have a folderish object that acquires from a user object
>(ldapuserfolder). It should have its own properties and contents, but
>fall back to the ones of the ldap user.
>
>I have created an object, extending Folder, and it behaves nicely in
>zopectl debug. When I try to access it through e.g. a python script I
>get an:
>
>Error Type: Unauthorized
>Error Value: Unable to find __roles__ in the container and the container
>is not wrapped. Access to 'dn' of test, acquired through (LDAPProxy at
>/testfolder/ldapproxy), denied.

When you access attribute "x" (with value "xv") on object "o",
Zope will first check whether "xv" has security declarations
(more precisely, a "__roles__" attribute). If it has, they are used.
Otherwise, Zope checks for "o.x__roles__". If found, they are used.
Otherwise, "o.__roles__" may be examined (under some circumstances).

Note that for most security declarations, "o" needs to be fully
acquisition wrapped. Otherwise, there may be two problems:

  * Zope cannot find the information to map permissions to roles
    (as this mapping is defined on the acquisition path leading to
    the root)

  * "o" is not "covered" by the user folder which has identified
    the current user.

    A user has only special roles on objects "covered" by its
    user folder. An object is "covered" by a user folder, when
    the object lies in the subtree rooted in the user folder's container.

-- 
Dieter
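
The lookup order described in the reply above, as an added example that is not part of the original message and is not Zope's own code. It is a simplified pure-Python model: `Node`, `acquire`, `roles_for` and the sample objects are hypothetical, and the handling of step 3 (own or acquired `__roles__`, otherwise the quoted error) is an assumption.

```python
# Simplified model of the role lookup order; NOT Zope's AccessControl code.
# All names and sample objects below are hypothetical and constructed here.
_MISSING = object()

class Unauthorized(Exception):
    pass

class Node:
    """Toy object; `parent` stands in for an acquisition wrapper (None = unwrapped)."""
    def __init__(self, parent=None, **attrs):
        self.parent = parent
        self.__dict__.update(attrs)

class DeclaredValue(str):
    """A value that carries its own security declaration."""
    __roles__ = ("Anonymous",)

def acquire(o, name):
    """Walk the parent chain, as acquisition would, looking for `name`."""
    while o is not None:
        found = o.__dict__.get(name, _MISSING)
        if found is not _MISSING:
            return found
        o = o.parent
    return _MISSING

def roles_for(o, name):
    """Return (roles, source) governing access to attribute `name` of `o`."""
    value = getattr(o, name)
    # 1. Security declaration carried by the value itself ("xv").
    roles = getattr(value, "__roles__", _MISSING)
    if roles is not _MISSING:
        return roles, "value.__roles__"
    # 2. Per-attribute declaration on the container: o.<name>__roles__.
    roles = o.__dict__.get(name + "__roles__", _MISSING)
    if roles is not _MISSING:
        return roles, "o.%s__roles__" % name
    # 3. Container-level roles (assumption: own first, then acquired).
    roles = acquire(o, "__roles__")
    if roles is not _MISSING:
        return roles, "o.__roles__"
    if o.parent is None:
        raise Unauthorized("Unable to find __roles__ in the container "
                           "and the container is not wrapped.")
    raise Unauthorized("no roles found for %r" % name)

# Constructed sample objects.
root = Node(__roles__=("Manager",))
wrapped = Node(parent=root, dn="cn=test")   # wrapped: roles reachable via parent
bare = Node(dn="cn=test")                   # unwrapped: plain str has no __roles__
declared = Node(dn="cn=test", dn__roles__=("Authenticated",))
```

In this model `roles_for(bare, "dn")` fails with the error text from the quoted report, while the same attribute on `wrapped` resolves through the parent chain.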