[Zope-dev] LDAPRoleTwiddler / BasicUserFolder

Dirk Datzert dirk.datzert@tks-rasselstein.thyssenkrupp.com
Thu, 17 Oct 2002 14:56:13 +0200


Hi Jens,

if I take the following code:

    # This must stay accessible to everyone
    def validate( self, request, auth=3D'', roles=3D_noroles ):
        """ The main engine """

        luf =3D self.getLUF()
        v =3D request['PUBLISHED'] # the published object
        a, c, n, v =3D luf._getobcontext(v, request)

        name, password =3D luf.identify(auth)
        user =3D luf.authenticate(name, password, request)

        if user is not None:
            twiddled_user =3D self.getUser ( user.getId(),
                                           user._getPassword()
                                         )
            if twiddled_user is not None:
                # On my Test-System it works with authorize()
                # On my Integration-System it works only without =
authorize()
                if luf.authorize(twiddled_user, a, c, n, v, roles):
                    return twiddled_user.__of__(luf)

        # Could not twiddle a user.  Defer to other user folders.
        return None

I get an error if I access a protected DTMLMethod:

Site Error
An error was encountered while publishing this resource.=20

Unauthorized

You are not authorized to access content.=20
Traceback (innermost last):
  File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 224, in =
publish_module
  File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 187, in =
publish
  File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 171, in =
publish
  File /usr/share/zope/lib/python/ZPublisher/mapply.py, line 160, in =
mapply
    (Object: index_html)
  File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 112, in =
call_object
    (Object: index_html)
  File /usr/share/zope/lib/python/Products/EasyEditor/EasyEditable.py, =
line 372, in index_html
    (Object: ElementWithAttributes)
  File =
/usr/share/zope/lib/python/Products/EasyEditor/EasyTemplates/EasyViews.py=
, line 94, in __call__
    (Object: default)
  File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 197, in =
__call__
    (Object: default)
  File /usr/share/zope/lib/python/DocumentTemplate/DT_String.py, line =
540, in __call__
    (Object: default)
  File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 269, in =
validate
    (Object: default)
  File /usr/share/zope/lib/python/AccessControl/SecurityManager.py, line =
144, in validate
  File /usr/share/zope/lib/python/AccessControl/ZopeSecurityPolicy.py, =
line 225, in validate
Unauthorized: (see above)

But if I'm a user with role manager everything is ok.=20

I found out that if the LDAPUser goes into the auth-SimpleCache of the =
LRT, I got no Unauthorized exception, but than I have a problem with =
AUTHORIZED_USER.has_permission('View', obj) which returns 0 on each =
protected obj
under the LRT path.=20

Dirk