[Zope] Re: CMF security error in DCWorkflow that doesn't make sense

[Peter Bengtsson]

Some progress.

I managed to get it work by de-selecting the "Manager" role on the
Proxy roles. Makes absolutely no sense.

Later today I had another similar problem/error and nothing I changed
on the Proxy roles mattered. I ended up replacing the Python Scipt
with an External Method and that worked.
This absolutely sucks. The DCWorkflow code is incredibly complicated
and obscure and I hope it burns in hell. Having said that, I don't
think I would do any better if I was to replicate what it can do :)



2008/7/1 Peter Bengtsson <peter at fry-it.com>:
> First of all, I'm not sure if this is the right mailing list but
> hopefully the DCWorkflow people read this list too.
>
> I've got a strange problem.
> On my laptop it works (zope 2.7.8) on the live server it works (zope
> 2.7.3) but on the test server (2.7.8) it doesn't!!! And it's the same
> Data.fs and Products as the live server. It throws an Unauthorized
> error upon executing a python script as part of a workflow transition.
> The Error:
>
> The owner of the executing script is defined outside the context of
> the object being accessed. The script has proxy roles, but they do not
> apply in this context.. Access to 'workflow' of
> (Products.DCWorkflow.Expression.StateChangeInfo instance at 0xddffb48)
> denied. Access requires Manage_portal_Permission, granted to the
> following roles: ['Manager']. The executing script is (PythonScript at
> /intranet/portal_workflow/intranet_workflow/scripts/wf_script_despatcher),
> owned by oliver.
>
> The Python script has Proxy role "Manager" so how can it be limited?
>
> I didn't write this CMF based application and I want to get on top of
> it so it doesn't happen again.
>
> Regards, Peter
>
>
> --
> Peter Bengtsson,
> work www.fry-it.com
> home www.peterbe.com
> hobby www.issuetrackerproduct.com
>



-- 
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com