Nuxeo mailing list archives
[Nuxeo-tickets] [Nuxeo Repository] #1719: permission problem with
the multi view feature
Nuxeo Repository
trac at nuxeo.com
Tue Aug 1 11:00:17 CEST 2006
#1719: permission problem with the multi view feature
-------------------------------+--------------------------------------------
Reporter: ogrisel | Owner: lregebro
Type: defect | Status: new
Priority: P2 | Milestone: CPS 3.4.2
Component: CPSSharedCalendar | Version: TRUNK
Severity: major | Keywords:
-------------------------------+--------------------------------------------
Steps to reproduce:
* create user1 and user2 with their calendars
* create a public event in user1's calendar
* give user2 access rights to it (WorkspaceReader on the workspace and
Reader on the calendar itself).
* change user2's calendar to register user1 calendar
Problem:
user2 see the event but cannot click on it to see the details since it
triggers two consecutive uncatched Unauthorized exceptions:
{{{
2006-08-01 10:46:05 BLATHER Zope Security Policy Unauthorized: Your user
account does not have the required permission. Access to u'event.html' of
(ZODBEvent at
/cps/members/user2/calendar/event/20060801T094539-storage-2 at localhost.localdomain)
denied. Your user account, user2, exists at /cps/acl_users. Access
requires one of the following roles: ['AttendeeReader',
'EventParticipant', 'Manager', 'WorkspaceReader']. Your roles in this
context are ['Anonymous', 'AttendeeManager', 'Authenticated', 'Member',
'Owner', 'WorkspaceManager'].
2006-08-01 10:46:05 BLATHER Zope Security Policy Unauthorized: Your user
account does not have the required permission. Access to u'event.html' of
(ZODBEvent at
/cps/members/user2/calendar/event/20060801T094539-storage-2 at localhost.localdomain)
denied. Your user account, Anonymous User, exists at /acl_users. Access
requires one of the following roles: ['AttendeeReader',
'EventParticipant', 'Manager', 'WorkspaceReader']. Your roles in this
context are ['Anonymous'].
2006-08-01 10:46:05 ERROR root Exception while rendering an error message
Traceback (most recent call last):
File "/opt/Zope-2.9/lib/python/OFS/SimpleItem.py", line 223, in
raise_standardErrorMessage
v = s(**kwargs)
File "/opt/Zope-2.9/lib/python/Shared/DC/Scripts/Bindings.py", line 311,
in __call__
return self._bindAndExec(args, kw, None)
File "/opt/Zope-2.9/lib/python/Shared/DC/Scripts/Bindings.py", line 348,
in _bindAndExec
return self._exec(bound_data, args, kw)
File
"/home/ogrisel/instances/zope29/Products/CMFCore/FSPageTemplate.py", line
195, in _exec
result = self.pt_render(extra_context=bound_names)
File
"/home/ogrisel/instances/zope29/Products/CMFCore/FSPageTemplate.py", line
134, in pt_render
result = FSPageTemplate.inheritedAttribute('pt_render')(
File "/opt/Zope-2.9/lib/python/Products/PageTemplates/PageTemplate.py",
line 104, in pt_render
tal=not source, strictinsert=0)()
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 238, in
__call__
self.interpret(self.program)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 281, in
interpret
handlers[opcode](self, args)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 457, in
do_optTag_tal
self.do_optTag(stuff)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 442, in
do_optTag
return self.no_tag(start, program)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 437, in
no_tag
self.interpret(program)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 281, in
interpret
handlers[opcode](self, args)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 749, in
do_useMacro
self.interpret(macro)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 281, in
interpret
handlers[opcode](self, args)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 507, in
do_setLocal_tal
self.engine.setLocal(name, self.engine.evaluateValue(expr))
File "/opt/Zope-2.9/lib/python/Products/PageTemplates/TALES.py", line
221, in evaluate
return expression(self)
File "/opt/Zope-2.9/lib/python/Products/PageTemplates/ZRPythonExpr.py",
line 47, in __call__
return eval(code, g, {})
File "Python expression "mtool.assertViewable(here)"", line 1, in
<expression>
File
"/home/ogrisel/instances/zope29/Products/CPSCore/CPSMembershipTool.py",
line 112, in assertViewable
raise Unauthorized
}}}
--
Ticket URL: <http://svn.nuxeo.org/trac/pub/ticket/1719>
Nuxeo Repository <http://www.cps-project.org/>
Nuxeo Repository
More information about the Nuxeo-tickets
mailing list
This list archive provided by Nuxeo, the
leaders of open source ECM.
Check out the Nuxeo 5 open source,
standards-based ECM project.