
Show/hide content from users/groups

 

 



roel.vandenbergh at scarlet

Sep 18, 2007, 3:16 AM

Post #1 of 4 (953 views)

Hi all

We're currently in the process of migrating our (very) old Zope-CMF
installation from Zope 2.5.1 - CMF 1.3.1 to the most recent versions (Zope
2.10.4 CMF 2.1.0)

We did a clean install for both Zope & CMF, added the content files through FTP
and modified the new page templates to our needs.

In the early days we could hide/show content based on the security settings of
folders and elevating user roles as needed. I copied these settings manually
from our old installation to the new one, disabling 'Acquire permission
settings' for both 'Access contents information' and 'View', added a new role
'Level1', and checking 'Level1', 'Manager', 'Owner' & 'Reviewer' enabled. I
added a 'local role' for a user who has 'Member' privileges giving him
'Level1' clearance. All but one folder in the root of the CMF site have this
kind of security alteration.

I also removed 'Acquire permission settings' from 'index_html' and checked
all but 'Anonymous' to require an immediate login.

When I try to log in with the credentials of that user, I always get
redirected to the login page. Only if I login with a user with 'Manager'
roles, the site is accessible.

I spent several days digging through various information sources, but I could
not find a proper solution.

What am I missing here?

With kind regards, Roel.


---
Scarlet One, ADSL 6 Mbps + Telephony, from EUR 29,95...
http://www.scarlet.be/

_______________________________________________
Zope-CMF maillist - Zope-CMF [at] lists
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests


r.ritz at biologie

Sep 18, 2007, 3:24 AM

Post #2 of 4 (904 views)
Re: Show/hide content from users/groups [In reply to]

roel wrote:

[..]

> I spent several days digging through various information sources, but I could
> not find a proper solution.
>
> What am I missing here?
>
> With kind regards, Roel.
>

'VerboseSecurity' is your friend ;-)

Raphael



roel.vandenbergh at scarlet

Sep 18, 2007, 5:33 AM

Post #3 of 4 (904 views)
Re: Show/hide content from users/groups [In reply to]

---------- Original header -----------

From :
To : zope-cmf [at] zope
Cc :
Date : Tue, 18 Sep 2007 12:24:57 +0200
Subject : [Zope-CMF] Re: Show/hide content from users/groups

> roel wrote:
>
> [..]
>
> > I spent several days digging through various information sources, but I could
> > not find a proper solution.
> >
> > What am I missing here?
> >
> > With kind regards, Roel.
> >
>
> 'VerboseSecurity' is your friend ;-)
>
> Raphael

Hmmm ....

Found an interesting page at http://wiki.zope.org/zope2/VerboseSecurity
They apparently did not have this in Zope 2.5.1

Enabled verbose-security, restarted Zope and disabled login_form in cookie
authentication ...

Trying to access the site I got a pop-up asking for credentials ... pretended
to be a user and ... voila ... the site comes up as intended, with hidden
folders discarded as should be. So up to this point I didn't do anything wrong
:-)

Now for the tricky part. I use a 'hard' redirect triggered by the 'logged_in'
page template, so people need to access the site through the 'login_form'
template (Correct?). So I manually enter http://site/login_form and enter the
necessary credentials. A pop-up appears asking for credentials, which I
enter. This pop-up appears three times on which I get the following message ...

(http://site/logged_in)

Error Type: Unauthorized
Error Value: Your user account does not have the required permission. Access
to 'setProperties' of (ImplicitAcquirerWrapper object at 0xb04612c) denied.
Your user account, Beneens, exists at /total/acl_users. Access requires one of
the following roles: ['Manager']. Your roles in this context are
['Authenticated', 'Member'].
...
For more detailed information about the error, please refer to the error log.

I cannot find any clues in the event.log nor in the Z2.log, but I find it odd
to have to give a mere Member admin rights to be able to log in through the
standard login form.

Kind regards, Roel.



pw_lists at slinkp

Sep 18, 2007, 6:36 AM

Post #4 of 4 (899 views)
Re: Re: Show/hide content from users/groups [In reply to]

On Tue, Sep 18, 2007 at 02:33:21PM +0200, roel wrote:
> Error Type: Unauthorized
> Error Value: Your user account does not have the required permission. Access
> to 'setProperties' of (ImplicitAcquirerWrapper object at 0xb04612c) denied.
> Your user account, Beneens, exists at /total/acl_users. Access requires one of
> the following roles: ['Manager']. Your roles in this context are
> ['Authenticated', 'Member'].
> ...
> For more detailed information about the error, please refer to the error log.
>
> I cannot find any clues in the event.log nor in the Z2.log, but I find it odd
> to have to give a mere Member admin rights to be able to log in through the
> standard login form.

It would be easier if verbosesecurity would tell you the path of that
object at 0xblahblah ...

Here's a likely possibility though. When you log in to CMF (at least
in CMFDefault), your current and previous login times are set as
properties of a MemberData instance under portal_membership. The
relevant code is in CMFCore/MemberDataTool.py. Check the security
settings of portal_membership.

Failing that, grep the CMFCore and CMFDefault directories for other
occurrences of setProperties.

--

Paul Winkler
http://www.slinkp.com
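
An added example, not part of the original thread and not Zope or CMF code: a simplified Python model of the role check behind the Unauthorized message quoted above, showing why a local role on one folder does not help for an object elsewhere in the site. The class and function names, the folder name `private`, the placement of `portal_memberdata`, and the use of 'Set own properties' as the permission guarding `setProperties` are assumptions for illustration.

```python
# Simplified model of Zope 2 role checking; constructed for illustration.
SET_PROPS = "Set own properties"  # assumed to be the permission guarding setProperties

class Node:
    """One object in the containment hierarchy."""
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.perms = {}        # permission -> (acquire settings?, roles ticked here)
        self.local_roles = {}  # user id -> roles granted at this object and below

    def chain(self):
        """Yield this object, then each container up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent

def roles_for_permission(obj, permission):
    """Collect ticked roles upwards until 'Acquire permission settings' is off."""
    roles = set()
    for node in obj.chain():
        acquire, ticked = node.perms.get(permission, (True, ()))
        roles.update(ticked)
        if not acquire:
            break
    return roles

def roles_in_context(obj, user_id, global_roles):
    """Global roles plus local roles found on obj or any of its containers."""
    roles = set(global_roles) | {"Authenticated"}
    for node in obj.chain():
        roles.update(node.local_roles.get(user_id, ()))
    return roles

def check(obj, permission, user_id, global_roles):
    """Return (allowed, roles required, roles held in this context)."""
    needed = roles_for_permission(obj, permission)
    held = roles_in_context(obj, user_id, global_roles)
    return ("Anonymous" in needed or bool(needed & held), sorted(needed), sorted(held))

def build_site():
    """Constructed sample: a protected folder and the member data tool."""
    site = Node("total")
    site.perms["View"] = (True, ("Anonymous", "Manager"))
    site.perms[SET_PROPS] = (True, ("Manager",))  # the state the error reports
    folder = Node("private", site)  # hypothetical folder name
    folder.perms["View"] = (False, ("Level1", "Manager", "Owner", "Reviewer"))
    folder.local_roles["Beneens"] = ("Level1",)
    memberdata = Node("portal_memberdata", site)
    return site, folder, memberdata
```

In this model, `check(memberdata, SET_PROPS, "Beneens", ["Member"])` reproduces the required and held role lists from the error message, and adding 'Member' to the roles ticked for that permission lets the check pass without granting 'Manager'.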