[Zope] acquisition/acl_users/permissions: is something broken? 2e post on this pb.

[Dieter Maurer]

Gilles Lavaux writes:
 > My problem: I am logged in as 'operator'. Sometime, accessing
 > '/sms/shtml/stations/check' show me:
 >   -Logged in as: Anonymous User   and has role(s):Anonymous
 > instead of:
 >   -Logged in as: operator   and has role(s): sms_admin
 > 
 > why????????   (this with IE and Netscape)
Only sometimes?

Did you already recognize a pattern?

 > I just have a guess: the 'operator' user is defined in '/sms/acl_users' and
 > my stationx users are defined in '/sms/shtml/stations/acl_users'.
 > So: is it possible that when I do my 'check' as operator, the acquisition go
 > to the acl_users which contains the stationx users and miss the other
 > acl_users folder (which is two levels above) ?
A user folder is only allowed to return "Annonymous", if
it is the top level user folder.

Thus, your "/sms/shtml/statios/acl_users" must return "None"
and ZPublisher should ask "/sms/acl_users" which should return
"Operator".

 > Another investigation: I am logged as operator in a new browser and have the
 > problem, I click on a link for a stationx user but cancel the http
 > authentication, then the problem disappear.
Hmmh, the only difference should be that you no longer have
an HTTP authentication. I do not understand this behaviour.

 > Is there a way to display which object has triggered the authentication, and
 > which acl_users folder is used??
You can instrument the code in "ZPublisher.BaseRequest.traverse"
to output this information.


Dieter