[Zope-dev] skinscript and URL traversal question

Aaron Payne aaron@aaronpayne.com
Fri, 19 Jan 2001 09:05:06 -0500


At 05:02 PM 1/18/01 -0500, Phillip J. Eby wrote:
>At 08:54 AM 1/18/01 -0500, Aaron Payne wrote:
> >Hi all,
> >
> >I originally posted this to the zope list and, upon suggestion, I am
> >reposting it to zope-dev.
> >
> >I'm using a zsql method in a skinscript with query ... compute ... and it
> >mostly works. Retrieving the dataskin with getItem() works.  For example,
> >Cid is the id of the coupon dataskin.
> ><dtml-with "getItem(Cid)">
> >   <dtml-var couponattributes>
> ></dtml-with>
>
>This is probably a permissions issue.  During __bobo_traverse__, the user
>has not yet been authenticated, and is effectively anonymous.

I was logged in as a manager.

>Thus, your
>SkinScript is running as anonymous, and probably doesn't have rights to
>access the SQL method.
>You might need to change the proxy roles setting on
>the SkinScript method so that when the SkinScript runs it always has
>appropriate roles to do what it needs to do.

I gave the skinscript trigger a proxy role of manager.  Actually, I gave 
all methods involved a proxy of manager. The same error was produced.


>The reason it would work from in a DTML method, is that when a DTML method
>runs, the user has already been authenticated, so the SkinScript runs with
>the user's rights, and they have rights to call the SQL method.
>
>If you run Zope in debug mode and do this, you should probably see some
>console output about an error in computing the WITH-COMPUTE statement when
>you try to run it via bobo_traverse.  It'll probably say the SQL method is
>not found (because it doesn't have permissions to access it in that context).