[Grok-dev] Re: Using z3c.jsonrpc with grok and ForbiddenAttribute
Philipp von Weitershausen
philipp at weitershausen.de
Sat May 31 03:53:37 EDT 2008
Jan-Wijbrand Kolman wrote:
> Calvin Hendryx-Parker wrote:
>> The error seems to happen as it starts to traverse my application and
>> it doesn't even get to my Note instance which is a few levels down the
>> What ZCML voodoo am I missing to allow me to use z3c.jsonrpc with my app?
> Isn't this more about not having granted the right permissions to the
> user that is accessing these jsonrpc views? Does your use indeed "have"
> the "brnf.notes" permission?
No. If the user were lacking the right permission, you'd get an
Unauthorized exception. A ForbiddenAttribute error is *always* the sign
a) missing security declarations for something that should be allowed to
b) or you're accessing something that's you really shouldn't be accessing.
More information about the Grok-dev