[Zope] restricting permissions for direct access only

Michael Shulman shulman at mathcamp.org
Tue Feb 14 11:04:13 EST 2006

Okay, I must be the most moronic user ever.  The default text in a
newly created Python Script, which I did not bother to change for my
test case, accesses meta_type, but I did not notice this; thus I was
confused.  (Just out of curiosity, what permissions are required to
access meta_type?)

But... it's still not working for my real site.  I think the issue is
this.  If script1 has proxy role Manager, and script2 has view
permissions set only for Manager, then script1 can call script2, no
problem.  But if script1 instead calls script3, which then calls
script2, it doesn't work unless script3 *also* has proxy role Manager.
 Is there a way to make scripts inherit proxy roles from their
callers?  Or am I confused once again?


On 2/14/06, Chris Withers <chris at simplistix.co.uk> wrote:
> Michael Shulman wrote:
> > Thanks Lennart!  Proxy roles do sound like the answer, but I cannot
> > get them working.  When I restrict my private script so that only
> > Managers have View permissions and give my public script Manager proxy
> > roles, I am still prompted for a login box when I try to view the
> > public script.  When I cancel, I get the following error:
> >
> > Error Type: Unauthorized
> > Error Value: You are not allowed to access 'meta_type' in this context
> On what line in either of your scripts do you access meta_type?
> > What does it mean and how do I fix it?
> I means something tried to access an object's meta_type but didn't have
> the necessary roles to do so. You may wish to look at the
> verbose-security options in zope.conf...
> cheers,
> Chris
> --
> Simplistix - Content Management, Zope & Python Consulting
>             - http://www.simplistix.co.uk

More information about the Zope mailing list