[Zope] You are not authorized to access ... exception has me baffled

Jens Vagelpohl jens@zope.com
Fri, 23 Nov 2001 19:40:15 -0500


brad,

in trying to reproduce this i am noticing that this has nothing to do with 
the LDAPUserFolder. i am seeing the very same behavior using a bone-stock 
zope user folder in the subfolder.

i filed a collector issue in the Zope issue collector::

http://collector.zope.org/Zope/47

jens



On Friday, November 23, 2001, at 01:58 , Brad Clements wrote:

> I've broken my site, and can't figure it out.  This is Zope 2.4.3 binary 
> on Linux
>
> I have
>
>    /   (root)  with acl_users
>
>    /Strader   public without an acl_users (all permissions are "acquire 
> from above")
>
>    /Strader/P    not public, has an LDAPUserFolder for acl_users
>
>
> local roles are defined in the root /acl_users
>
> Security for /Strader/P has disabled acquisition of "access contents 
> information" and
> "view", and enabled these permissions for the roles Manager, SFCustomer 
> and
> SFManager
>
> Logging in as a Manager defined in root /acl_users works for management, 
> but when I
> attempt to view a ZPT in /Strader/P using the Test tab, I get "you are 
> not authorized to
> access title"
>
> My manager userid is also defined in the LDAP adapter as well, so I'm 
> authenticated by
> the LDAPUserFolder in /Strader/P or /acl_users depending on what I'm 
> accessing.
>
> So "view" in /Strader works okay for me
>
> -- But the real problem is --
>
>
> Logging in as a user who is only defined in LDAP adapter, who has the 
> roles
> SFCustomer and SFManager still gives the same error  "not authorized to 
> access title"
> on /Strader/P/Master  (page template when viewing)
>
> I'm totally stumped, it's as if LDAPUserFolder is not returning the 
> correct list of roles.
> However, if I temporarily enable acquisition of view and "access contents"
> , I can get this
> output from viewing the ZPT
>
> roles are ('SFCustomer', 'SFManager', 'Anonymous', 'Authenticated')
>
> (the Master template has )
>
>    roles are <span tal:content="user/getRoles">roles</span>
>
> Anyone have any ideas how to diagnose this so I can see where to fix it?
>
> I've searched the archives, there are some grumblings about this in the 
> past but no
> obvious silver bullet.
>
>
> Brad Clements,                bkc@murkworks.com   (315)268-1000
> http://www.murkworks.com                          (315)268-9812 Fax
> netmeeting: ils://ils.murkworks.com               AOL-IM: BKClements
>
>