[Zope] Dangerous permissions granted to Anonymous to allow ZClass instantiation?

douwe@oberon.nl douwe@oberon.nl
Wed, 3 Jul 2002 18:39:18 +0200


It won't help you much, but I have had the same problems. I recreated the
ZClass and
the problem went away.

Douwe

> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf
> Of Milos Prudek
> Sent: Wednesday, July 03, 2002 6:05 PM
> To: zope
> Subject: [Zope] Dangerous permissions granted to Anonymous to
> allow ZClass instantiation?
>
>
> The following looks like a Zope bug (Zope 2.5.1):
>
> It seems that permissions such as Create class instances must be given
> to Anonymous so that Authenticated can create class instances. It seems
> impossible to only allow Authenticated to create class instances.
>
> Details:
>
> Error Type: Unauthorized
> Error Value: You are not allowed to access ORL_Art in this context
>
> The error above appears for the following Python Script line:
>     context.manage_addProduct['ORL'].ORL_Art.createInObjectManager(id,Dct)
>
> The error appears if Authenticated role has the following permissions
> and Anonymous does not have them:
>
>    Add Documents, Images, and Files
>    Add ORL_Arts
>    Create class instances
>    Manage properties
>
> The error disappears if Anonymous is given the above roles.
>
> If this is not Zope bug, what might be causing it? The manage_addProduct
> did not have this problem in Zope 2.4.4.
>
> --
> Milos Prudek
>
>
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>