
Mailing List Archive: Zope: Users

Confused about permissions



b311b-news at theotherbell

May 12, 2008, 6:59 PM

Post #1 of 4 (252 views)
Confused about permissions

I have a simple use case for Zope where a group of users need to be able
to manage content stored in external files. I installed ExternalFile
and it seems to be working as expected for the admin user.

I've created a folder where all ExternalFile objects reside. I've
defined a local role "Editor" for that folder, added a user and assigned
that user to the Editor role.

What I can't seem to do is get the permissions right such that a user in
the Editor role can add new External Files.

I've checked every box on the Security tab for the Editor role. Users
in the Editor role can view and modify existing ExternalFile's but still
cannot add new ones.

I thought maybe the problem had to do with permissions on the
ExternalFile product itself, but when reading the description on the
Define Permissions tab I couldn't really figure out what it was trying
to say:

"The first column below lists the permissions for this object. The
second specifies the permissions that should have this permission in
this product or ZClass. For ZClass methods, only permissions that are
defined for the ZClass are permitted.
In general, any permissions that include operations that change (mutate)
an object should be disabled."

What exactly does this mean?

More to the point: What permissions do I need to assign to my Editor
role so users can add External Files?

_______________________________________________
Zope maillist - Zope[at]zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )


b311b-zope at theotherbell

May 13, 2008, 6:27 AM

Post #2 of 4 (236 views)
Re: Confused about permissions

In article <b311b-news-555B7E.01592813052008[at]news.gmane.org>,
Brenda Bell <b311b-news[at]theotherbell.com>
wrote:

> What I can't seem to do is get the permissions right such that a user in
> the Editor role can add new External Files.
>
> I've checked every box on the Security tab for the Editor role. Users
> in the Editor role can view and modify existing ExternalFile's but still
> cannot add new ones.
>

I enabled VerboseSecurity and I see this in my console window when I try
to add an ExternalFile when logged in as a user who is assigned the
Editor role:

2008-05-13 13:12:55 ERROR Zope.SiteErrorLog
http://localhost:8090/foo/manage_addProduct/ExternalFile/manage_addObject
ViaGui
Traceback (innermost last):
Module ZPublisher.Publish, line 110, in publish
Module ZPublisher.BaseRequest, line 596, in traverse
Module ZPublisher.HTTPResponse, line 713, in unauthorized
Unauthorized: <strong>You are not authorized to access this
resource.</strong><p>
No Authorization header found.</p>

A loop in BaseRequest seems to be falling through a loop that's
dependent on ''__allow_groups__''.

I've tried adding a group, assigning the Editor role to the group and
making my user a member of the group. But I still get the same error.

What am I missing?

> I thought maybe the problem had to do with permissions on the
> ExternalFile product itself, but when reading the description on the
> Define Permissions tab I couldn't really figure out what it was trying
> to say:
>
> "The first column below lists the permissions for this object. The
> second specifies the permissions that should have this permission in
> this product or ZClass. For ZClass methods, only permissions that are
> defined for the ZClass are permitted.
> In general, any permissions that include operations that change (mutate)
> an object should be disabled."
>
> What exactly does this mean?
>
> More to the point: What permissions do I need to assign to my Editor
> role so users can add External Files?


tseaver at palladion

May 14, 2008, 10:08 AM

Post #3 of 4 (226 views)
Re: Confused about permissions

Brenda Bell wrote:
> In article <b311b-news-555B7E.01592813052008[at]news.gmane.org>,
> Brenda Bell <b311b-news[at]theotherbell.com>
> wrote:
>
>> What I can't seem to do is get the permissions right such that a user in
>> the Editor role can add new External Files.
>>
>> I've checked every box on the Security tab for the Editor role. Users
>> in the Editor role can view and modify existing ExternalFile's but still
>> cannot add new ones.

I don't know that product. There is likely another permission, e.g.
'Add External Files', which protects the methods used to create new
instances; that permission is likely distinct from the permissions
required to modify or delete those instances.

> I enabled VerboseSecurity and I see this in my console window when I try
> to add an ExternalFile when logged in as a user who is assigned the
> Editor role:
>
> 2008-05-13 13:12:55 ERROR Zope.SiteErrorLog
> http://localhost:8090/foo/manage_addProduct/ExternalFile/manage_addObject
> ViaGui
> Traceback (innermost last):
> Module ZPublisher.Publish, line 110, in publish
> Module ZPublisher.BaseRequest, line 596, in traverse
> Module ZPublisher.HTTPResponse, line 713, in unauthorized
> Unauthorized: <strong>You are not authorized to access this
> resource.</strong><p>
> No Authorization header found.</p>

That traceback should be from the first request, which then prompts you
to log in (e.g., via basic auth).

The next request should either succeed (if the login / password you
supply matches), or show a different traceback (e.g., invalid credentials).

> A loop in BaseRequest seems to be falling through a loop that's
> dependent on ''__allow_groups__''.

'__allow_groups__' is the name which the authentication machinery uses
to find the user folder: it is an alias for 'acl_users', not visible in
the ZMI.

> I've tried adding a group, assigning the Editor role to the group and
> making my user a member of the group. But I still get the same error.
>
> What am I missing?


Rewa.
--
===================================================================
Tres Seaver +1 540-429-0999 tseaver[at]palladion.com
Palladion Software "Excellence by Design" http://palladion.com


dieter at handshake

May 16, 2008, 12:56 PM

Post #4 of 4 (215 views)
Re: Re: Confused about permissions

Brenda Bell wrote at 2008-5-13 13:27 +0000:
>In article <b311b-news-555B7E.01592813052008[at]news.gmane.org>,
> Brenda Bell <b311b-news[at]theotherbell.com>
> wrote:
>
>> What I can't seem to do is get the permissions right such that a user in
>> the Editor role can add new External Files.
>>
>> I've checked every box on the Security tab for the Editor role. Users
>> in the Editor role can view and modify existing ExternalFile's but still
>> cannot add new ones.
>>
>
>I enabled VerboseSecurity and I see this in my console window when I try
>to add an ExternalFile when logged in as a user who is assigned the
>Editor role:
>
>2008-05-13 13:12:55 ERROR Zope.SiteErrorLog
>http://localhost:8090/foo/manage_addProduct/ExternalFile/manage_addObject
>ViaGui
>Traceback (innermost last):
> Module ZPublisher.Publish, line 110, in publish
> Module ZPublisher.BaseRequest, line 596, in traverse
> Module ZPublisher.HTTPResponse, line 713, in unauthorized
>Unauthorized: <strong>You are not authorized to access this
>resource.</strong><p>
>No Authorization header found.</p>

The "manage_addObject" requires roles for which no user folder
in context could identify an appropriate user.

You could try to find out in an interactive interpreter
(started with "bin/zopectl debug" under "*nix") which
roles are required.

app.unrestrictedTraverse('foo/manage_addProduct/ExternalFile').manage_addObject__roles__



--
Dieter
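
The lookup behind a `manage_addObject__roles__` check, as an added example that is not part of the thread and not Zope's own code: a simplified plain-Python model of how Zope 2 collects the roles holding a permission by walking up the containment chain, then compares them with the user's roles in context. The `Node` class, the user id `editor_user` and the permission name 'Add External Files' (the guess from post #3) are assumptions.

```python
import re

_UNSET = object()

def permission_attr(permission):
    # Permission settings live in attributes named after the permission,
    # e.g. 'Add External Files' -> '_Add_External_Files_Permission'.
    return "_" + re.sub(r"[^A-Za-z0-9_]", "_", permission) + "_Permission"

class Node:
    """Stand-in for a Zope folder: a parent link plus local role grants."""
    def __init__(self, name, parent=None):
        self.name, self.parent, self.local_roles = name, parent, {}

def roles_for_permission(permission, obj, default=("Manager",)):
    """Roles that hold `permission` on `obj` (string-valued settings omitted)."""
    attr, collected = permission_attr(permission), None
    while obj is not None:
        setting = getattr(obj, attr, _UNSET)
        if setting is None:                      # None: public
            return ["Anonymous"]
        if isinstance(setting, tuple):           # tuple: "Acquire" unticked, stop
            return (collected or []) + list(setting)
        if setting is not _UNSET and setting:    # list: add roles, keep acquiring
            collected = (collected or []) + list(setting)
        obj = obj.parent
    return list(default) if collected is None else collected

def roles_in_context(user, global_roles, obj):
    """Global roles plus every local role granted on obj or its ancestors."""
    roles = set(global_roles)
    while obj is not None:
        roles |= set(obj.local_roles.get(user, ()))
        obj = obj.parent
    return roles

def may(user, global_roles, permission, obj):
    required = set(roles_for_permission(permission, obj))
    return "Anonymous" in required or bool(roles_in_context(user, global_roles, obj) & required)

def demo():
    perm = "Add External Files"                  # hypothetical permission name
    app = Node("app")
    foo = Node("foo", app)
    foo.local_roles["editor_user"] = ["Editor"]  # constructed user, local role on foo
    setattr(app, permission_attr(perm), ("Manager",))
    before = may("editor_user", [], perm, foo)   # only Manager holds the permission
    setattr(foo, permission_attr(perm), ["Editor"])  # granted on foo, still acquiring
    return before, roles_for_permission(perm, foo), may("editor_user", [], perm, foo)
```
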
