[Zope-dev] access control problem.

David Brown davidbro@namshub.org
Sun, 23 Apr 2000 18:26:21 -0700


I've been learning about Zope as I go along hacking on my ZopeFIsh
project.  For the most part things have gone well, most problems having
solutions.  But I seem to have wandered into a weird little problem.

Here's how it goes...

I instantiate my ZopeFish object.  I go it in the management interface,
and add a user.  In another browser window (one that I never used to log
into Zope), I go to the ZopeFish instance and log in using ZopeFish's
user login facility.  I go to the discussion group page, click the "new
message (in browser)" link, write something, hit the update button.

At this point ZoepFish will create a new message, set the subject and
contents, and then redirect the browser to the message that has just
been created.

At this point Zope wants a username and password.  If I cancel the
prompt, it will now tell me that I am unauthorized to access the
attribute "body".

"Body" is the actual message.  You see, I'm using a tenplate structure
-- only the root object has an "index_html" member, and it points to a
template that includes a "<dtml-var body>" directive.  So I just
implement the "body" member in any publishable objects, and they all use
the template.  So somehow, creating the new message didn't properly
propagate the security settings, or something else that I don't
understand.

So how do I properly set up the access to the new item?  I noticed that
if I just stop and restart the Zope server that I no longer have
problems seeing the message.  So something's getting fixed on the
reload.

I've uploaded my current source to:

	ftp://members.home.net/davidbro/ZopeFish-0.4.0-bug.tgz

if anyone wants to dig around and try to reproduce (and maybe even fix)
the problem.  I'm trying to RTFM, but finding the right FM is tough.

ZopeFish requires the latest XMLDocument.

Thanks in advance...

dave