[Zope-dev] Trying to understand the nuances of a VerboseSecurity report ..

Jean Jordaan jean@upfrontsystems.co.za
Thu, 20 Feb 2003 13:38:39 +0200


Hi all (and Shane in particular :)

I'm triggering this error:

   Unauthorized: The owner of the executing script is defined
   outside the context of the object being accessed.  Access to
   'basic' of (License_PropertySheetsClass instance at e204528)
   denied. Access requires Access_contents_information_Permission,
   granted to the following roles: ['Administrator', 'Manager',
   'Owner', 'Supporter']. The executing script is (PythonScript
   instance at e208eb8), owned by jean.

I can't understand why .. there is exactly one acl_users in this
Zope instance, in the root, where user 'jean' is defined. The
whole application normally works fine. Currently, the error is
being triggered by a ZUnit unit test. All the other unit tests
(adding, editing and deleting instances of various kinds) work
fine. The code where the error is occurring is this:

"""
# Create a new License instance and grab its propertysheet
license_id  = context.ObjectCounters.newID('License')
new_license = container.newItem(license_id)
new_license_propertysheet = new_license.propertysheets.basic
"""

All I can think is that that object 'basic' lacks context for
some reason (i.e. lacks an acquisition wrapper?). I can't think
why it lacks context .. we use that idiom all over the app, and
don't normally get any problems.

I'm trying to see if reading VerboseSecurity's source will
help, but all I've found so far is a suspect double negation:

"""
def userHasRolesButNotInContext(user, object, object_roles):
     '''Returns 1 if the user has any of the listed roles but
     is not defined in a context which is not an ancestor of object.
     '''
"""

Surely either one of those 'not's should go?

-- 
Jean Jordaan
http://www.upfrontsystems.co.za
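
A simplified model of the containment rule that the error message above states, added here as an illustration; it is not code from Zope, VerboseSecurity or the original post. The `Node` and `User` classes, all helper names and jean's 'Manager' role are assumptions, and the helper's docstring takes one reading of the quoted docstring (with the second 'not' dropped).

```python
# Simplified model of "owner defined outside the context of the object".
# Constructed for illustration; not Zope or VerboseSecurity code.

class Node:
    """Hypothetical stand-in for an object with a containment parent."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent  # None models an object that carries no context

class User:
    def __init__(self, name, roles, defined_in):
        self.name = name
        self.roles = set(roles)
        self.defined_in = defined_in  # container that holds the user folder

def ancestors(obj):
    """Yield obj and every container above it."""
    while obj is not None:
        yield obj
        obj = obj.parent

def in_context(user, obj):
    """True if the user's defining container is an ancestor of obj."""
    return any(node is user.defined_in for node in ancestors(obj))

def has_roles_but_not_in_context(user, obj, object_roles):
    """True if the user holds one of the listed roles but is defined
    in a context that is not an ancestor of obj."""
    return bool(user.roles & set(object_roles)) and not in_context(user, obj)

def check(user, obj, object_roles):
    """Return a verdict string for access by `user` to `obj`."""
    if has_roles_but_not_in_context(user, obj, object_roles):
        return "denied: owner defined outside the context of the object"
    if user.roles & set(object_roles):
        return "allowed"
    return "denied: missing role"

# Roles copied from the error message; everything else is constructed.
REQUIRED = ['Administrator', 'Manager', 'Owner', 'Supporter']
root = Node('root')
jean = User('jean', ['Manager'], defined_in=root)  # role is an assumption
license_ = Node('License1', parent=Node('Licenses', parent=root))
wrapped_sheet = Node('basic', parent=license_)
detached_sheet = Node('basic')  # same kind of object, no containment chain

if __name__ == '__main__':
    print(check(jean, wrapped_sheet, REQUIRED))
    print(check(jean, detached_sheet, REQUIRED))
```

In this model a user defined at the root still fails the check when the accessed object has no containment chain, because the walk up from the object never reaches the root.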