[Zope] Very strange problem with updating an objects properties
Casey Duncan
casey.duncan@state.co.us
Wed, 9 Aug 2000 11:10:40 -0600
> I have made two products, one news-product and one product for
> pressreleases. ... For news this works perfectly but for pressreleases
this doesnt
> work. I am completely puzzled because the code for doing this is the
> same for both of them. Here is how it looks:
>
> <dtml-with "newsEntries">
> <dtml-if "_.getitem(objId,0).approved == 0">
> <dtml-call "REQUEST.set('approved', 1)">
> <dtml-call
"_[objId].propertysheets[1].manage_editProperties(REQUEST)">
...
You could save a line by calling this a little differently by using
manage_changeProperties instead:
change this:
<dtml-call "REQUEST.set('approved', 1)">
<dtml-call
"_[objId].propertysheets[1].manage_editProperties(REQUEST)">
to this:
<dtml-call
"_[objId].propertysheets[1].manage_changeProperties(approved=1)">
> So the updating of both of the products are done by <dtml-call
> "_[objId].propertysheets[1].manage_editProperties(REQUEST)"> but when I
> try to update pressreleases is says I am unauthorized.
This is probably an ownership issue. Make sure the DTML method's owner has
manager rights. In Zope 2.2 the user running a method takes on the security
level of the owner of the method even if it is lower than that of the user.
This is in order to prevent certain trojan horse type attacks.
Good Luck,
Casey Duncan