[Zope] Strange behaviour on authorization

Casey Duncan casey.duncan@state.co.us
Fri, 18 Aug 2000 10:30:02 -0600


Jarkko Veijalainen wrote:
> I have been trying to figure this out and get help with this for almost one
> week...
...
> Zope loads login form with no problem (it's basically a static page) but when
> I try to POST data to email_headers with login form, an Authorization
> failed window pops up. I have tried to use my manager and superuser name and same
> values that I submitted, but nothing is accepted by the auth. window.
...
> so I have an authenticated user and I still can't log in. All these documents
> work like they're supposed to in Zope 2.1.6, but not anymore when I
> installed Zope 2.2.0 on Solaris. Why is Zope security trying to validate
> 'cn', which is a value that I submit to another document?
>
> What went wrong here and how do I fix this problem?

Aha, it worked in 2.1.6 eh? That's the tip-off. A *major* change between
2.1.x and 2.2.x is in the security dept. 2.2.x runs all methods using the
security level of the _owner_ of the method, regardless of whether this is a
lower or higher level than the currently authenticated user. My guess is
that your method has no owner (which is what pre-2.2.x objects default to
when run under 2.2.x). This means it is running as anonymous which does not
have rights to do what you want. Specify an owner for the method that has
sufficient rights to do what you want and try it again.

Good luck,
-Casey Duncan