[Zope] read_raw() not allowed below root ?

Didier Georgieff Didier.GEORGIEFF@agriculture.gouv.fr
20 Dec 2000 16:25:04 +0100


Hello,

I have a new problem wich i suspect is related with the weird things i didn't solved yet. I 
still don't found if it's a misunderstanding about new 2.2 security (like setting a local 
role ONLY if you have this local role) or a real problem.

I have a view_code method (stolen from Yihaw) wich basically look at code, properties, 
folders and print it.

It was working like a charm under 2.1.6.

Now on 2.2.4 (with the 12-08, 12-15a and 12-18 hotfix) and TransparentFolder 0.3:
 
* I don't have access to read-raw() (Unauthorized traceback below) , even if i'm 
manager (and even on folders without local roles) and even with manager as proxy role 
for this method.
* ownership is implicit
* and i deleted the remaining "superuser" having a local role on this method.

Until i understand what is going on (a bug or a misunderstanding), i guess i'll (gently ;-) 
flood the list.
I'm deeply sorry to post again, but i found no information on the archive (read_raw), the 
explanations on the new security model didn't ring a bell, so ....

Thanks for any help or tip.

Unauthorized
You are not authorized to access read_raw. 
Traceback (innermost last):
  File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 222, 
in publish_module
  File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 187, 
in publish
  File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 171, 
in publish
  File /zope/2-2-2/lib/python/ZPublisher/mapply.py, line 160, 
in mapply
    (Object: view_code)
  File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 112, 
in call_object
    (Object: view_code)
  File /zope/2-2-2/lib/python/OFS/DTMLMethod.py, line 172, in 
__call__
    (Object: view_code)
  File /zope/2-2-2/lib/python/DocumentTemplate/DT_String.py, 
line 528, in __call__
    (Object: view_code)
  File /zope/2-2-2/lib/python/DocumentTemplate/DT_In.py, line 
691, in renderwob
    (Object: objectItems('DTML Method'))
  File /zope/2-2-2/lib/python/DocumentTemplate/DT_Var.py, line 
278, in render
    (Object: read_raw())
  File /zope/2-2-2/lib/python/DocumentTemplate/DT_Util.py, 
line 331, in eval
    (Object: read_raw())
    (Info: read_raw)
  File /zope/2-2-2/lib/python/OFS/DTMLMethod.py, line 194, in 
validate
    (Object: view_code)
  File /zope/2-2-
2/lib/python/AccessControl/SecurityManager.py, line 139, in 
validate
  File /zope/2-2-
2/lib/python/AccessControl/ZopeSecurityPolicy.py, line 183, in 
validate
Unauthorized: (see above)


--
Didier Georgieff
DDAF du Bas-Rhin - Cellule SIG 
2, rue des Mineurs 67070 Strasbourg Cedex
tél : 03.88.25.20.33 - fax : 03.88.25.20.01
email : didier.georgieff@agriculture.gouv.fr
SIT du Bas-Rhin : http://www.bas-rhin.sit.gouv.fr
GéoWeb http://sertit10.u-strasbg.fr