Antwort: Re: [Zope-PTK] Unauthorized Error at cmf.zope.org
Shane Hathaway
shane@digicool.com
Wed, 28 Feb 2001 13:03:55 -0500
clamor@fafalter.de wrote:
>
> Here are some links which didn't work some seconds ago (logged in with a
> freshly startet browser):
>
> http://cmf.zope.org/Members/davew/PortalStuff/PortalPollTutorial
>
> >From the news box:
> http://cmf.zope.org/Members/tres/WikiContentHere
> http://cmf.zope.org/Members/tres/were_up
>
> Maybe it helps
It did, it gave us a miniature test suite. :-)
It turns out that there was a seemingly insignificant detail in the
security declarations for PortalContent that was left out when updating
to the declarative security interface in Zope 2.3.
http://cvs.zope.org/ZopePTK/PTKBase/PortalContent.py.diff?r1=1.56&r2=1.57
In the old code, __ac_permissions__ seems to assign the "View"
permission to a method with no name. This is a trick that has the
effect of controlling the permission required for all otherwise
unprotected methods. The way to spell that in the new security
declarations is like this:
security.declareObjectProtected('View')
This declaration was left out, so the object permission default (for
some odd reason) to the "Access Contents Information" permission, which
is explicitly denied in a lot of places.
So cmf.zope.org, at least this part of it, should be happy and healthy
again.
Shane