[Zope-CMF] Re: Show/hide content from users/groups

Paul Winkler pw_lists at slinkp.com
Tue Sep 18 09:36:21 EDT 2007


On Tue, Sep 18, 2007 at 02:33:21PM +0200, roel wrote:
> Error Type: Unauthorized
> Error Value: Your user account does not have the required permission. Access
> to 'setProperties' of (ImplicitAcquirerWrapper object at 0xb04612c) denied.
> Your user account, Beneens, exists at /total/acl_users. Access requires one of
> the following roles: ['Manager']. Your roles in this context are
> ['Authenticated', 'Member'].
> ...
> For more detailed information about the error, please refer to the error log.
> 
> I cannot find any clues in the event.log nor in the Z2.log, but I find it odd
> to have to give a mere Member admin rights to be able to log in trough the
> standard login form.

It would be easier if verbosesecurity would tell you the path of that
object at 0xblahblah ...

Here's a likely possibility though.  When you log in to CMF (at least
in CMFDefault), your current and previous login times are set as
properties of a MemberData instance under portal_membership.  The
relevant code is in CMFCore/MemberDataTool.py.  Check the security
settings of portal_membership.

Failing that, grep the CMFCore and CMFDefault directories for other
occurences of setProperties.

-- 

Paul Winkler
http://www.slinkp.com


More information about the Zope-CMF mailing list