[Zope3-Users] Permission problem on adapter

Marius Gedminas mgedmin at b4net.lt
Sun Feb 11 17:05:49 EST 2007


On Sun, Feb 11, 2007 at 09:24:34AM +0100, FB wrote:
> On Sun, Feb 11, 2007 at 01:16:51AM +0100, Dominique Lederer wrote:
> > i created a trusted adapter on a content object.
> > then i created a formlib edit page for the ZMI, to be able to edit the
> > new attributes on the adapted content object. the adapters interface is
> > correctly rendered to the form.
> > 
> > if i try to edit, an unauthorized error is shown, which i also get, when
> > i register the user as Site Manager via Grant in the ZMI.
> > The global admin *can* edit the adapters attributes (the one which is
> > set globally via ZCML).

For future reference, when you get into a situation when the global
manager can do something, but a local manager cannot, know what you have
a broken __parent__ chain somewhere.  Every object that has security
declarations and can be security proxied must have a valid __parent__
chain leading to the ZODB root, or you will have problems like this.

> > i registered the adapter like this:
> > <adapter factory=".MyClassAnnotations"
> >          trusted="true"  />
> 
> Try to add the attribute 'locate="true"' to the adapter-statement.

Cool, I didn't know about that one.  I'd've suggested setting the
adapter's __parent__ manually in the constructor.

Marius Gedminas
-- 
Where do you think you're going today?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mail.zope.org/pipermail/zope3-users/attachments/20070212/1c3cec42/attachment.bin


More information about the Zope3-users mailing list