[prev in list] [next in list] [prev in thread] [next in thread] 

List:       zope-cmf
Subject:    Re: [Zope-CMF] invokeFactory and security
From:       Dieter Maurer <dieter () handshake ! de>
Date:       2003-08-26 20:07:22
[Download RAW message or body]

Reverend Matt wrote at 2003-8-22 20:38 -0000:
 > I have a portal tool that I want to allow anonymous users to use,
 > which means allowing invokeFactory for anonymous users.  My problem is
 > that I figured I could do this by simply proxying the python script
 > that runs when they hit "submit", but it still indicates "you are not
 > authorized to access invokeFactory in this context".  The tool works
 > fine when logged in.  

In some contexts, the code makes its own security checks
(most prominent example: pasting) which does not honour
execution oriented permissions such as proxy roles.

Try to get a traceback and look where the exception is raised.


Dieter


[prev in list] [next in list] [prev in thread] [next in thread]