[Zope] zope 2.7: Unauthorized "in this context"

Dieter Maurer dieter at handshake.de
Wed Jun 15 14:14:45 EDT 2005


John Hunter wrote at 2005-6-15 09:48 -0500:
> ...
>I installed VerboseSecurity and now get a more helpful error message
>in the log (to refresh your memory, this is a pure ZClass based
>product which stopped working on an upgrade to 2.7).  Here is the
>updated message
>
>  Exception Type  	Unauthorized
>
>  Exception Value The container has no security assertions. Access to
>  'mentor' of (FactoryDispatcher instance at 40aeafb0) denied.
>
>I googled this error message and found this thread,
>http://www.gossamer-threads.com/lists/zope/users/176379.  You
>responded to the OP
> ...
>  It is true that a "FactoryDispatcher"
>  ("App.FactoryDispatcher.FactoryDispatcher") does not have security
>  assertions....
> ...
>  You can try to add a "__role__ = None" and maybe a
>  "__allow_access_to_unprotected_subobjects__ = 1" to the
>  "FactoryDispatcher" class (--> "App/FactoryDispatcher.py") to see
>  whether the problem disappears.  These two attributes will provide
>  security assertions for the factory.

Note that this is only a hack!

  All objects in the "FactoryDispatcher" should provide their
  own security declarations. Then, they would not depend
  on that of the container.

  Thus, the primary problem is that "mentor" magically does
  not have a "__roles__" attribute or (maybe) that it was never
  expected to be accessed via the "FactoryDispatcher".

-- 
Dieter


More information about the Zope mailing list