[Zope3-Users] functional doctest and testbrowser with zopeproject

Marius Gedminas marius at gedmin.as
Wed Apr 1 02:27:37 EDT 2009


On Tue, Mar 31, 2009 at 02:09:34PM -0700, Douglas Cerna wrote:
> Hi.
> 
> I had a similar error and fixed it by modifying:
> 
> >>> browser.addHeader('Authorization', 'Basic mgr:mgrpw')
> 
> To:
> 
> >>> browser.addHeader('Authorization', 'Basic globalmgr:globalmgrpw')
> 
> Both principals are defined in the ftesting.zcml file of your project,
> but just the globalmgr has the Manager role assigned.

This is intentional and tends to expose bugs in your application.

If you have an object without a correct __parent__ chain leading to the
ZODB root, your object will never see local security grants (such as
mgr:mgrpw has) so any users defined TTW won't be able to access it.

The fix is to ensure that *every* object of your application has a
__parent__.

(Note that this use of __parent__ for security is independent from
containment -- you don't need your objects to provide ILocation, or have
__name__'s -- the Zope 3 security mechanism looks at __parent__
attributes without checking interfaces.)

Marius Gedminas
-- 
Life begins when you can spend your spare time programming instead of
watching television.
                -- Cal Keegan
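
Added example, not part of the original message and not Zope code: a simplified model of the behaviour described above, where local grants are found only by walking `__parent__` up from the object, plus a check that lists objects whose chain never reaches the root. The `Node` class, the grant tables and all helper names are assumptions made for illustration; the sample objects are constructed.

```python
# Simplified model (assumption): local grants live on objects in the
# __parent__ chain; global grants apply everywhere. Not zope.securitypolicy.

GLOBAL_GRANTS = {"globalmgr": {"Manager"}}  # stands in for grants in ftesting.zcml


class Node:
    """Constructed stand-in for an application object."""

    def __init__(self, label, parent=None, local_grants=None):
        self.label = label
        self.__parent__ = parent
        self.local_grants = local_grants or {}  # principal id -> set of roles


def parent_chain(obj):
    """Objects from obj upward via __parent__; no interface checks, cycle-safe."""
    chain, seen = [], set()
    while obj is not None and id(obj) not in seen:
        seen.add(id(obj))
        chain.append(obj)
        obj = getattr(obj, "__parent__", None)
    return chain


def effective_roles(principal, obj):
    """Global roles plus every local grant visible along the __parent__ chain."""
    roles = set(GLOBAL_GRANTS.get(principal, ()))
    for ancestor in parent_chain(obj):
        roles |= getattr(ancestor, "local_grants", {}).get(principal, set())
    return roles


def find_orphans(objects, root):
    """Labels of objects whose __parent__ chain never reaches root."""
    return [o.label for o in objects
            if not any(a is root for a in parent_chain(o))]


# Constructed sample: 'mgr' holds Manager only as a local grant on the root.
root = Node("root", local_grants={"mgr": {"Manager"}})
folder = Node("folder", parent=root)
attached = Node("attached", parent=folder)
orphan = Node("orphan")  # created without __parent__

if __name__ == "__main__":
    for who in ("mgr", "globalmgr"):
        for obj in (attached, orphan):
            print(who, obj.label, sorted(effective_roles(who, obj)))
    print("orphans:", find_orphans([folder, attached, orphan], root))
```

In this model the orphan is reachable by `globalmgr` but not by `mgr`, which is why a functional test that logs in as `mgr` surfaces the missing `__parent__`.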