[Zope-dev] Strange ZClass permissions problem with 2.2a1

Dr. Ross Lazarus rossl@med.usyd.edu.au
Thu, 18 May 2000 15:24:46 +1000 

I'm testing 2.2a1.
I have some ZClasses which work fine in 2.1.6. I copied my Data.fs to
the new 2.2a1 install.
As a non-superuser I have taken ownership of the top level of the site.
When I try to access a zclass instance which uses manage_tabs in it's
index_html method, I get the traceback shown below.

The relevant code is checking that the containerbase is not the
accessedbase whatever they are!

If I take out manage_tabs from the offending ZClass index_html method, I
can view index_html (but of course, I can't use the management stuff
built in! making it rather useless), so that's where we're getting into
trouble for sure.

I've tried starting out with a vanilla 2.2a1 Data.fs and importing all
the zclasses and the relevent folders - no difference.

Anyone else seeing this?
Is this worthy of the collector?

Traceback (innermost last):
  File /usr/local/zope/zope22a1/lib/python/ZPublisher/Publish.py, line
224, in publish_module
  File /usr/local/zope/zope22a1/lib/python/ZPublisher/Publish.py, line
189, in publish
  File /usr/local/zope/zope22a1/lib/python/ZPublisher/Publish.py, line
175, in publish
  File /usr/local/zope/zope22a1/lib/python/ZPublisher/mapply.py, line
160, in mapply
    (Object: index_html)
  File /usr/local/zope/zope22a1/lib/python/ZPublisher/Publish.py, line
112, in call_object
    (Object: index_html)
  File /usr/local/zope/zope22a1/lib/python/OFS/DTMLMethod.py, line 160,
in __call__
    (Object: index_html)
  File
/usr/local/zope/zope22a1/lib/python/DocumentTemplate/DT_String.py, line
500, in __call__
    (Object: index_html)
  File /usr/local/zope/zope22a1/lib/python/App/special_dtml.py, line
121, in __call__
    (Object: manage_tabs)
    (Info: /usr/local/zope/zope22a1/lib/python/App/manage_tabs.dtml)
  File
/usr/local/zope/zope22a1/lib/python/DocumentTemplate/DT_String.py, line
500, in __call__
    (Object: manage_tabs)
  File /usr/local/zope/zope22a1/lib/python/DocumentTemplate/DT_With.py,
line 146, in render
    (Object: _(manage_options=filtered_manage_options()))
  File /usr/local/zope/zope22a1/lib/python/OFS/DTMLMethod.py, line 180,
in validate
    (Object: index_html)
  File
/usr/local/zope/zope22a1/lib/python/AccessControl/SecurityManager.py,
line 139, in validate
  File
/usr/local/zope/zope22a1/lib/python/AccessControl/ZopeSecurityPolicy.py,
line 160, in validate
Unauthorized: manage_options

-- 

Dr Ross Lazarus
Associate Professor and Sub-Dean for Information Technology
Faculty of Medicine, Room 126A, A27, University of Sydney,
Camperdown, NSW 2006, Australia
Tel: (+61 2) 93514429   Mobile: +61414872482  
Fax: (+61 2) 93516646   Email: rossl@med.usyd.edu.au