[Zope-dev] LDAPRoleTwiddler / BasicUserFolder

Jens Vagelpohl jens@zope.com
Thu, 17 Oct 2002 09:01:51 -0400


if shane's "validate" does not work then i assume there is a separate  
issue independent from it.

jens


On Thursday, Oct 17, 2002, at 08:56 US/Eastern, Dirk Datzert wrote:

> Hi Jens,
>
> if I take the following code:
>
>     # This must stay accessible to everyone
>     def validate( self, request, auth='', roles=_noroles ):
>         """ The main engine """
>
>         luf = self.getLUF()
>         v = request['PUBLISHED'] # the published object
>         a, c, n, v = luf._getobcontext(v, request)
>
>         name, password = luf.identify(auth)
>         user = luf.authenticate(name, password, request)
>
>         if user is not None:
>             twiddled_user = self.getUser ( user.getId(),
>                                            user._getPassword()
>                                          )
>             if twiddled_user is not None:
>                 # On my Test-System it works with authorize()
>                 # On my Integration-System it works only without authorize()
>                 if luf.authorize(twiddled_user, a, c, n, v, roles):
>                     return twiddled_user.__of__(luf)
>
>         # Could not twiddle a user.  Defer to other user folders.
>         return None
>
> I get an error if I access a protected DTMLMethod:
>
> Site Error
> An error was encountered while publishing this resource.
>
> Unauthorized
>
> You are not authorized to access content.
> Traceback (innermost last):
>   File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 224, in publish_module
>   File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 187, in publish
>   File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 171, in publish
>   File /usr/share/zope/lib/python/ZPublisher/mapply.py, line 160, in mapply
>     (Object: index_html)
>   File /usr/share/zope/lib/python/ZPublisher/Publish.py, line 112, in call_object
>     (Object: index_html)
>   File /usr/share/zope/lib/python/Products/EasyEditor/EasyEditable.py, line 372, in index_html
>     (Object: ElementWithAttributes)
>   File /usr/share/zope/lib/python/Products/EasyEditor/EasyTemplates/EasyViews.py, line 94, in __call__
>     (Object: default)
>   File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 197, in __call__
>     (Object: default)
>   File /usr/share/zope/lib/python/DocumentTemplate/DT_String.py, line 540, in __call__
>     (Object: default)
>   File /usr/share/zope/lib/python/OFS/DTMLMethod.py, line 269, in validate
>     (Object: default)
>   File /usr/share/zope/lib/python/AccessControl/SecurityManager.py, line 144, in validate
>   File /usr/share/zope/lib/python/AccessControl/ZopeSecurityPolicy.py, line 225, in validate
> Unauthorized: (see above)
>
> But if I'm a user with role manager everything is ok.
>
> I found out that if the LDAPUser goes into the auth-SimpleCache of the
> LRT, I got no Unauthorized exception, but then I have a problem with
> AUTHORIZED_USER.has_permission('View', obj) which returns 0 on each
> protected obj under the LRT path.
>
> Dirk
>
>