[Zope] Re: Mailhost expects different security settings in different folders

Andreas Tille tillea at rki.de
Wed Jan 28 04:21:57 EST 2004 

On Tue, 27 Jan 2004, Dieter Maurer wrote:

> Authorization problems are best analysed with Shane's
> "VerboseSecurity" product (unless you use Zope 2.6.3/Zope 2.7b4 or above).
This was really a great hint.  I hope this functionality will end up inside
Zope.  I guess if it is implemented in C the speed slowdown which is
mentioned in the README will be no real problem any more.


Regarding my actual problem:

Traceback (innermost last):
  Module ZPublisher.Publish, line 98, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 39, in call_object
  Module Shared.DC.Scripts.Bindings, line 252, in __call__
  Module Shared.DC.Scripts.Bindings, line 283, in _bindAndExec
  Module Products.PythonScripts.PythonScript, line 314, in _exec
  Module Script (Python), line 6, in SimpleMail
   - <PythonScript at /Influenza/SimpleMail>
   - Line 6
  Module Products.VerboseSecurity.VerboseSecurityPolicy, line 264, in validate
Unauthorized: Your user account is defined outside the context of the object being accessed.  Access to 'send' of (MailHost instance at 92020b0) denied. Your user account, tillea, exists at /Influenza/acl_users. Access requires one of the following roles: ['Manager'].


The situation is as follows:

    /acl_users/tillea: ['Manager','Owner']

    /Influenza/acl_users/tillea: ['Manager','Owner','some','other','permissions']
        --> So the error message seems strange because the role 'Manager' occures
            in both contexts

    /Influenza/SimpleMail
        try:
          mailhost=getattr(context, context.superValues('Mail Host')[0].id)
        except:
          raise AttributeError, "Can not find a Mail Host object."

        mailhost.send("Subject: SimpleMail\n\nMessage Body", "tillea at localhost", "tillea at rki.de")

        --> This causes the problem

    /TestFolder/SimpleMail
        --> same script as above is OK, but this folder does not contain
            any additional acl_users folder which is the only visible
            difference for me

    /MailHost
        --> I did not changed any security settings here.  All items of
            "Acquire permission settings?" are tickmarked and all other
            roles (Anonymous, Authenticated, Manager, Owner) are empty.

Any hint?

BTW, this occures on my development machine running Zope 2.6.2.  My production
machine (Sparc, Debian) running Zope 2.6.1 works fine.

Kind regards

        Andreas.

More information about the Zope mailing list