[Zope-dev] Security Stuff :P (part 3) : the tracebacks

Chris Withers chrisw@nipltd.com
Tue, 22 Aug 2000 13:52:29 +0100


Well, what do you know? I leave it for a couple fo hours to set up a
laptop, come back and try again.
It's not hanging anymore, but I'm still getting the errors when I click
cancel:

Chris Withers wrote:
> Posting's objects have a text attribute called 'subject'
> 
> Unless you have __allow_access_to_unprotected_subobjects__=1, you get
> the following error after you hit cancel on the authentication dialog
> box that pops up:

Traceback (innermost last):
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 222, in
publish_module
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 187, in
publish
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 171, in
publish
  File E:\Zope\227194~1.0\lib\python\ZPublisher\mapply.py, line 160, in
mapply
    (Object: index_html)
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 112, in
call_object
    (Object: index_html)
  File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 167, in
__call__
    (Object: index_html)
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_String.py, line
502, in __call__
    (Object: index_html)
  File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 163, in
__call__
    (Object: site_header)
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_String.py, line
502, in __call__
    (Object: site_header)
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_In.py, line
691, in renderwob
    (Object: site_item_list)
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_Util.py, line
331, in eval
    (Object: subject_image(subject))
    (Info: subject)
  File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 189, in
validate
    (Object: index_html)
  File E:\Zope\227194~1.0\lib\python\AccessControl\SecurityManager.py,
line 139, in validate
  File
E:\Zope\227194~1.0\lib\python\AccessControl\ZopeSecurityPolicy.py, line
159, in validate
Unauthorized: subject

> icon is defined in
> Squishfile as follows:
> 
>     icon='misc_/Squishdot/squishfile_img'
> 
> ...and is protected by the 'View' permission, but you still get the following error:

Traceback (innermost last):
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 222, in
publish_module
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 187, in
publish
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 171, in
publish
  File E:\Zope\227194~1.0\lib\python\ZPublisher\mapply.py, line 160, in
mapply
    (Object: index_html)
  File E:\Zope\227194~1.0\lib\python\ZPublisher\Publish.py, line 112, in
call_object
    (Object: index_html)
  File E:\Zope\2.2.0\lib\python\Products\Squishdot\Squishdot.py, line
1388, in index_html
    (Object: RoleManager)
  File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 167, in
__call__
    (Object: posting_html)
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_String.py, line
502, in __call__
    (Object: posting_html)
  File E:\Zope\227194~1.0\lib\python\DocumentTemplate\DT_In.py, line
691, in renderwob
    (Object: attachment)
  File E:\Zope\227194~1.0\lib\python\OFS\DTMLMethod.py, line 189, in
validate
    (Object: posting_html)
  File E:\Zope\227194~1.0\lib\python\AccessControl\SecurityManager.py,
line 139, in validate
  File
E:\Zope\227194~1.0\lib\python\AccessControl\ZopeSecurityPolicy.py, line
159, in validate
Unauthorized: icon

Any ideas?

cheers,

Chris