[CPS-devel] Permission problem in validation

Winterflood, Jonathan jonathan.winterflood at capgemini.com
Tue Feb 20 16:06:45 CET 2007 

Hi all,
 
I'm encountering a permission problem when trying to access a CPS document for validation.
I'm using CPS 3.4.2 on Zope 2.9.4 with a custom product (based on the vogon poetry)
 
We have two custom documents (only these are allowed, and not the original CPS ones) and their custom workflows
These documents are submitted from the user workspaces to the 'sections' publication space
Administrators can publish directly, but the contributor-submitted documents need validation and are in the 'pending' state until then.
 
The problem arises when a validator tries to view a document to accept/reject it:
the link visible in the list is [..blah...]/sections/00000009768/view_stats
following it prompts the user for a password (browser-style, not the login_form) and failure to provide credentials is worth a nice big 'Unauthorized'...
 
Error Type:	 Unauthorized	
Error Value: You are not allowed to access 'manage_changeProperties' in this context
Traceback:	 Traceback (innermost last):


*	Module ZPublisher.Publish, line 115, in publish 
*	Module ZPublisher.mapply, line 88, in mapply 
*	Module ZPublisher.Publish, line 41, in call_object 
*	Module Products.CMFCore.FSPythonScript, line 108, in __call__ 
*	Module Shared.DC.Scripts.Bindings, line 311, in __call__ 
*	Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec 
*	Module Products.CMFCore.FSPythonScript, line 164, in _exec 
*	Module None, line 10, in view_stats
	<FSPythonScript at /DBR/view_stats used for /DBR/sections/00000009768>
	Line 10

Unauthorized: You are not allowed to access 'manage_changeProperties' in this context
I'm not sure where this comes from, since the user has been added to the adequate group (in theory)
The manager can (obviously...) access this page with no problems
Any ideas?
Jonathan
 


This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient,  you are not authorized to read, print, retain, copy, disseminate,  distribute, or use this message or any part thereof. If you receive this  message in error, please notify the sender immediately and delete all  copies of this message.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.nuxeo.com/pipermail/cps-devel/attachments/20070220/615fae48/attachment.html


This list archive provided by Nuxeo, the leaders of open source ECM. Check out the Nuxeo 5 open source, standards-based ECM project.