[Zope] CopySupport methods permissions - do they make sense?

Dave Parker dparker@globalcrossing.com
Thu, 04 Nov 1999 14:00:39 -0600


David Kankiewicz wrote:

> > I'm probably getting loopy, but I can't figure out how to set things up
> > such that an anonymous user could copy or clone or rename anything,
> > period - it feels like the logic is coded in such a way that it just
> > isn't possible (for anonymous).  Could anyone come up with a simple
> > working example of this that does *not* require "View management
> > screens" be turned on in both the source and target folders???  It
> > *should* be simple.
> >
> 
> What I gave you should work with only the "method" having "View
> management screens"..

Yup, it should, but it doesn't (even tried doing proxy Manager on the
method).  I think something is really honestly broken here.  There's a
blurb in the CopySupport module that refers to the fact that the various
copy methods do their own security, and you can see it in
_verifyObjectPaste().

In particular, the statement:

(CopySupport.py, lines 362-367)
                if (not hasattr(user, 'has_role') or
                    not user.has_role(roles, self)):
                    raise 'Unauthorized', (
                          """You are not authorized to perform this
                             operation."""
                          )

(and the fact that I get stopped here all the time) suggests that it is
currently impossible for a user that does not have some role or another
to actually perform a copy. Proxy roles don't seem to get past this, and
I don't know of a way to assign a role (temporary or otherwise) to an
anonymous user.

In short, I suspect that this logic is what's messing things up, and I'm
not certain why it's there in the first place.  Most other stuff lets
some other lower-level Zope stuff deal with permissions automagically. 
It doesn't make obvious sense that permission logic should have to be
re-coded here.

At this point I've worked around the problem, but I'll probably re-visit
it later.  

Thanks again for your time!!
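
An added illustration, not part of the original message and not Zope code: a simplified Python model of one reading of the behaviour described above, in which a role check made directly against the requesting user (the shape of the quoted lines) never sees proxy roles set on the calling method. The class names, function names, role names and the way proxy roles are passed in are all assumptions made for this sketch.

```python
# Simplified model, constructed for illustration; not Zope's implementation.

class Unauthorized(Exception):
    pass


class User:
    def __init__(self, name, roles):
        self.name = name
        self.roles = set(roles)

    def has_role(self, roles, obj=None):
        # True if the user holds at least one of the required roles.
        return bool(self.roles & set(roles))


# Constructed sample principals.
ANONYMOUS = User("Anonymous User", ["Anonymous"])
MANAGER = User("admin", ["Manager"])


def inline_check(user, required_roles):
    """Same shape as the quoted check: only the requesting user's own
    roles are consulted, so nothing the caller carries can change it."""
    if not hasattr(user, "has_role") or not user.has_role(required_roles):
        raise Unauthorized("You are not authorized to perform this operation.")
    return True


def policy_check(user, required_roles, proxy_roles=None):
    """Hypothetical central check: if the executing method carries proxy
    roles, they replace the user's roles for this decision."""
    effective = set(proxy_roles) if proxy_roles else user.roles
    if not effective & set(required_roles):
        raise Unauthorized("You are not authorized to perform this operation.")
    return True


def attempt(check, *args, **kwargs):
    """Run a check and report the outcome as a boolean."""
    try:
        return check(*args, **kwargs)
    except Unauthorized:
        return False


if __name__ == "__main__":
    required = ["Manager"]
    print("inline, anonymous:", attempt(inline_check, ANONYMOUS, required))
    print("policy, anonymous via proxy:",
          attempt(policy_check, ANONYMOUS, required, proxy_roles=["Manager"]))
```
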