[Zope] "Access contents information" and SQL Methods; bug?

Brian Lloyd Brian@digicool.com
Mon, 26 Jul 1999 09:23:58 -0400


> I have an interesting problem with a part of a site that needs to be
> limited to privileged editors. Let's call this role "Editor". The
> problem is, unless I give the "Access contents information" permission
> to the "Anonymous" role, SQL Method calls are not permitted, even if I
> give _all_ permissions to the "Editor" role.
> 
> It's that curious? <!--#var AUTHENTICATED_USER--> equals to my editor
> user (defined in folder somewhere above the restricted folder), and
> <!--#var "AUTHENTICATED_USER.getRoles()"--> gives me ['Editor']. Btw,
> I've disabled acquisiton of permissions on the restricted folder.
> 
> Unless I give "Access contents information" to "Anonymous", the
> following traceback is emitted when authentication fails:
> 
> For now, I'll enable "Access contents information" for the "Anonymous"
> role, but in the long run I feel this is a bad solution.
> 
> -- 
> Alexander Staubo

I think that this is a bug in permission registration. I've
added a fix that seems to do the trick in my test area - can 
you try the following and let me know if this takes care of your
problem?:

In the file lib/python/Shared/DC/ZRDB/DA.py, add the line:

Globals.default__class_init__(DA)

...right after the definition of the DA class, and do a 
restart. This should make sure that the permissions are
registered correctly.





Brian Lloyd        brian@digicool.com
Software Engineer  540.371.6909              
Digital Creations  http://www.digicool.com