[Zope] Very strange problem with updating an objects properties

Peter Arvidsson peter@innodev.com
Thu, 10 Aug 2000 08:32:08 +0200


> You could save a line by calling this a little differently by using
> manage_changeProperties instead:
> 
> change this:
>       <dtml-call "REQUEST.set('approved', 1)">
>       <dtml-call
> "_[objId].propertysheets[1].manage_editProperties(REQUEST)">
> 
> to this:
>       <dtml-call
> "_[objId].propertysheets[1].manage_changeProperties(approved=1)">


Thanks for the advice. However the updating is not only regarding the
property "approved". I also get lots of other properties from a form
before this method. I guess I can specify all the properties but I dont
think that will make much of a difference and thats why I was a bit lazy
:)


> 
> > So the updating of both of the products are done by <dtml-call
> > "_[objId].propertysheets[1].manage_editProperties(REQUEST)"> but when I
> > try to update pressreleases is says I am unauthorized.
> 
> This is probably an ownership issue. Make sure the DTML method's owner has
> manager rights. In Zope 2.2 the user running a method takes on the security
> level of the owner of the method even if it is lower than that of the user.
> This is in order to prevent certain trojan horse type attacks.

I solved the problem yesterday. It was objId that changed somewhere
between the from and this method. This is a big problem with Zope. When
one is trying to refer to an object that exist but dont have the
properties I specify I just get the error "Unauthorized" and not any
other error. It is very difficult to try to find the problem with such a
strange errormessage...