[ZCM] [ZC] 1779/ 3 Comment "workflow script proxy role does not apply"

Collector: Zope Bugs, Features, and Patches ... zope-coders-admin at zope.org
Thu May 12 16:59:04 EDT 2005 

Issue #1779 Update (Comment) "workflow script proxy role does not apply"
 Status Pending, Zope/bug medium
To followup, visit:
  http://www.zope.org/Collectors/Zope/1779

==============================================================
= Comment - Entry #3 by mcdonc on May 12, 2005 4:58 pm

Note that we did confirm that the owner of the script existed (we took ownership of the object via another just-created account).
________________________________________
= Comment - Entry #2 by mcdonc on May 12, 2005 4:57 pm

FWIW, I chatted about this in IRC with r33t and it does appear to be some sort of bug.  The same configuration works in 2.7.3 and 2.7.4 but does not work in 2.7.5 and 2.7.6.

The suspicious things in changes.txt for 2.7.5 are:

 - AccessControl/User.py: _check_context() has not been called
   for authenticated users
- guarded_getattr: Restored ability to aquire "through" unprotected
 contexts, broken through overzealous cleanup in Zope 2.7.3.


________________________________________
= Request - Entry #1 by r33t on May 12, 2005 4:39 pm


Uploaded:  "checkTransition.py"
 - http://www.zope.org/Collectors/Zope/1779/checkTransition.py/view
I have a workflow script which runs with proxy 'manager' and I get
the following error (VerboseSecurity):

"The owner of the executing script is defined outside the context of the object being accessed. The script has proxy roles, but they do not apply in this context.. Access to 'new_state' of (Products.DCWorkflow.Expression.StateChangeInfo instance at 0xb5e78aac) denied. Access requires Manage_portal_Permission, granted to the following roles: ['Manager']. The executing script is (PythonScript at /Intranet/portal_workflow/cmfi_workflow/scripts/checkTransition), owned by manager."

The error happens when the script tries to access state_change.new_state. 
state_change.object can be accessed, no problem.
<PythonScript at /Intranet/portal_workflow/cmfi_workflow/scripts/checkTransition>
Line 15
> if state_change.new_state.id == 'pending': 
the complete script is attached, bound names are : context, container, script, traverse_subpath, parameter list: state_change

The user manager (which is the owner) exists in the context (a plone instance). I also tried to take ownership with another user, still the same error. The script worked with Zope-2.7.4-final.

==============================================================

More information about the Zope-Collector-Monitor mailing list