[Zope-PAS] Strange authorization problems in subfolders under PAS ac_users object

bernd.grobauer at krakel.de bernd.grobauer at krakel.de
Fri Nov 18 08:12:03 EST 2005


Hi list,

the following question may be trivial to you; I tried to do my best to
find things out by myself, but did not manage to find anything.

Here is what I have (on Zope 2.7.5 with 1.0.3 of PAS)

Rootfolder (with standard userfolder acl_users in it)
|
+--test (with PAS userfolder acl_users in it)
|
+---subfolder
    index_html (a Python Script)

My problem is that if index_html contains, say, "script.title", I
get the error message that I do not have authorization to use 'title'
in this context. That changes when I take the whole 'test' folder
and copy it into, say 'test2'. Then "script.title" works fine,
but if I make another script, things like "script.title" do
not work -- unless I copy the whole thing to 'test3'...

Am I missing something obvious? If you already know what's happening,
please tell me! If not, below are some more details!

Thanks a lot,

Bernd

PS: More details:

With quite a bit of trial and error, I managed to set up
a PAS-user-folder in a subfolder 'test' and implemented a very simple
IP-based authentication with scriptable plugin:

- extractCredentials is a script that gets the IP out of the request
and returns {'login': IP, 'password':''}

- authenticateCredentials returns "('zopeadmin','zopeadmin')" upon
seing my own IP in the credentials and "('user','user')" otherwise
(both exist as Zope users in the toplevel user folder)

- getRolesForPrincipal returns "('Manager','Authentiated') upon
being presented with user 'zopeadmin' and some lesser roles otherwise.

Works wonderfully for every object in folder 'test'. Getting bolder,
I created a folder 'subfolder' in 'test' and put a simple script
into it. What happens then I already described above...


More information about the Zope-PAS mailing list