Łukasz Nowak
2008-09-30 12:07:03 UTC
Hello,
I have user 'base_employee. This user security is defined by its
Assignment to function/base_employee, which codification BASEMPL.
My document_module has local roles Auditor and Author for BASEMPL.
Portal type Text has no roles.
So - using this user I'm navigating into document_module, I see list of
portal types to add. I'm adding Text. Attached traceback appears.
Any clues? Ideas? Is that case unit tested somewhere? Maybe I missed
something. Used revision is 23313.
Regards,
Luke
?PS, more background:
I've found out, that Owner role in document_publication_workflow have
just enough permissions for normal users to add documents and send them
to publication. As I'd like to have special DMS Manager and provide
security to objects by function, I'd like to avoid set more roles on
DMS-related (Text in this case) portal types.
--
?ukasz Nowak R&D Ventis http://www.ventis.com.pl/
tel: +48 32 768 16 85 fax: +48 32 392 10 61
``Use the Source, Luke...'' I am only craftsman.
-------------- next part --------------
Traceback (innermost last):
Module ZPublisher.Publish, line 114, in publish
112 | missing_name,
113 | dont_publish_class,
114>| request, bind=1)
115 |
116 | if result is not response:
Module ZPublisher.mapply, line 88, in mapply
086 |
087 | args=tuple(args)
088>| if debug is not None: return debug(object,args,context)
089 | else: return object(*args)
Module ZPublisher.Publish, line 40, in call_object
038 |
039 |def call_object(object, args, request):
040>| result=apply(object,args) # Type s<cr> to step into published object.
041 | return result
042 |
Module Shared.DC.Scripts.Bindings, line 311, in __call__
309 | def __call__(self, *args, **kw):
310 | '''Calls the script.'''
311>| return self._bindAndExec(args, kw, None)
312 |
313 | def __render_with_namespace__(self, namespace):
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
346 | exec bindcode
347 | bound_data = bound_data[0]
348>| return self._exec(bound_data, args, kw)
349 | finally:
350 | security.removeContext(self)
Module Products.PythonScripts.PythonScript, line 324, in _exec
322 | f = new.function(fcode, g, None, fadefs)
323 |
324>| result = f(*args, **kw)
325 | if keyset is not None:
326 | # Store the result in the cache.
Module None, line 36, in Base_doAction
- <PythonScript at /erp5/Base_doAction used for /erp5/document_module> - Line 36
033 | new_content = context.newContent(portal_type=type_name,
034 | container=context,
035>| id=str(new_id))
036 | preserved_parameters['portal_status_message'] = Base_translateString("Object Created.")
037 | preserved_parameters['editable_mode'] = 1
Module Products.ERP5Type.Document.Folder, line 421, in newContent
419 | """ Create a new content """
420 | # Create data structure if none present
421>| return FolderMixIn.newContent(self, *args, **kw)
422 |
423 | def isBTree(self):
Module Products.ERP5Type.Document.Folder, line 162, in newContent
160 | activate_kw=activate_kw,
161 | reindex_kw=reindex_kw,
162>| is_indexable=is_indexable
163 | ) # **kw) removed due to CMF bug
164 | # TODO :the **kw makes it impossible to create content not based on
Module Products.CMFCore.TypesTool, line 930, in constructContent
928 | raise ValueError('No such content type: %s' % type_name)
929 |
930>| ob = info.constructInstance(container, id, *args, **kw)
931 |
932 | if RESPONSE is not None:
Module Products.ERP5Type.ERP5Type, line 286, in constructInstance
284 | # Unauthorized error on transition's condition
285 | if hasattr(aq_base(ob), 'notifyWorkflowCreated'):
286>| ob.notifyWorkflowCreated()
287 |
288 | # Reindex the object at the end
Module Products.CMFCore.CMFCatalogAware, line 128, in notifyWorkflowCreated
126 | wftool = getToolByName(self, 'portal_workflow', None)
127 | if wftool is not None:
128>| wftool.notifyCreated(self)
129 |
130 | # Opaque subitems
Module Products.CMFCore.WorkflowTool, line 354, in notifyCreated
352 | wfs = self.getWorkflowsFor(ob)
353 | for wf in wfs:
354>| wf.notifyCreated(ob)
355 | self._reindexWorkflowVariables(ob)
356 |
Module Products.DCWorkflow.DCWorkflow, line 388, in notifyCreated
386 | """
387 | try:
388>| self._changeStateOf(ob, None)
389 | except ( ObjectDeleted, ObjectMoved ):
390 | # Swallow.
Module Products.DCWorkflow.DCWorkflow, line 479, in _changeStateOf
477 | if sdef is None:
478 | break
479>| tdef = self._findAutomaticTransition(ob, sdef)
480 | if tdef is None:
481 | # No more automatic transitions.
Module Products.DCWorkflow.DCWorkflow, line 458, in _findAutomaticTransition
456 | t = self.transitions.get(tid, None)
457 | if t is not None and t.trigger_type == TRIGGER_AUTOMATIC:
458>| if self._checkTransitionGuard(t, ob):
459 | tdef = t
460 | break
Module Products.DCWorkflow.DCWorkflow, line 449, in _checkTransitionGuard
447 | if guard is None:
448 | return 1
449>| if guard.check(getSecurityManager(), self, ob, **kw):
450 | return 1
451 | return 0
Module Products.DCWorkflow.Guard, line 90, in check
088 | econtext = createExprContext(
089 | StateChangeInfo(ob, wf_def, kwargs=kw))
090>| res = expr(econtext)
091 | if not res:
092 | return 0
Module Products.CMFCore.Expression, line 44, in __call__
042 | # ?? Maybe expressions should manipulate the security
043 | # context stack.
044>| res = compiled(econtext)
045 | if isinstance(res, Exception):
046 | raise res
Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
045 | g = self._bind_used_names(econtext)
046 | g.update(self._globals)
047>| return eval(code, g, {})
048 |
049 |class _SecureModuleImporter:
Module Python expression "here.hasData()", line 1, in <expression>
Unauthorized: You are not allowed to access 'hasData' in this context
I have user 'base_employee. This user security is defined by its
Assignment to function/base_employee, which codification BASEMPL.
My document_module has local roles Auditor and Author for BASEMPL.
Portal type Text has no roles.
So - using this user I'm navigating into document_module, I see list of
portal types to add. I'm adding Text. Attached traceback appears.
Any clues? Ideas? Is that case unit tested somewhere? Maybe I missed
something. Used revision is 23313.
Regards,
Luke
?PS, more background:
I've found out, that Owner role in document_publication_workflow have
just enough permissions for normal users to add documents and send them
to publication. As I'd like to have special DMS Manager and provide
security to objects by function, I'd like to avoid set more roles on
DMS-related (Text in this case) portal types.
--
?ukasz Nowak R&D Ventis http://www.ventis.com.pl/
tel: +48 32 768 16 85 fax: +48 32 392 10 61
``Use the Source, Luke...'' I am only craftsman.
-------------- next part --------------
Traceback (innermost last):
Module ZPublisher.Publish, line 114, in publish
112 | missing_name,
113 | dont_publish_class,
114>| request, bind=1)
115 |
116 | if result is not response:
Module ZPublisher.mapply, line 88, in mapply
086 |
087 | args=tuple(args)
088>| if debug is not None: return debug(object,args,context)
089 | else: return object(*args)
Module ZPublisher.Publish, line 40, in call_object
038 |
039 |def call_object(object, args, request):
040>| result=apply(object,args) # Type s<cr> to step into published object.
041 | return result
042 |
Module Shared.DC.Scripts.Bindings, line 311, in __call__
309 | def __call__(self, *args, **kw):
310 | '''Calls the script.'''
311>| return self._bindAndExec(args, kw, None)
312 |
313 | def __render_with_namespace__(self, namespace):
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
346 | exec bindcode
347 | bound_data = bound_data[0]
348>| return self._exec(bound_data, args, kw)
349 | finally:
350 | security.removeContext(self)
Module Products.PythonScripts.PythonScript, line 324, in _exec
322 | f = new.function(fcode, g, None, fadefs)
323 |
324>| result = f(*args, **kw)
325 | if keyset is not None:
326 | # Store the result in the cache.
Module None, line 36, in Base_doAction
- <PythonScript at /erp5/Base_doAction used for /erp5/document_module> - Line 36
033 | new_content = context.newContent(portal_type=type_name,
034 | container=context,
035>| id=str(new_id))
036 | preserved_parameters['portal_status_message'] = Base_translateString("Object Created.")
037 | preserved_parameters['editable_mode'] = 1
Module Products.ERP5Type.Document.Folder, line 421, in newContent
419 | """ Create a new content """
420 | # Create data structure if none present
421>| return FolderMixIn.newContent(self, *args, **kw)
422 |
423 | def isBTree(self):
Module Products.ERP5Type.Document.Folder, line 162, in newContent
160 | activate_kw=activate_kw,
161 | reindex_kw=reindex_kw,
162>| is_indexable=is_indexable
163 | ) # **kw) removed due to CMF bug
164 | # TODO :the **kw makes it impossible to create content not based on
Module Products.CMFCore.TypesTool, line 930, in constructContent
928 | raise ValueError('No such content type: %s' % type_name)
929 |
930>| ob = info.constructInstance(container, id, *args, **kw)
931 |
932 | if RESPONSE is not None:
Module Products.ERP5Type.ERP5Type, line 286, in constructInstance
284 | # Unauthorized error on transition's condition
285 | if hasattr(aq_base(ob), 'notifyWorkflowCreated'):
286>| ob.notifyWorkflowCreated()
287 |
288 | # Reindex the object at the end
Module Products.CMFCore.CMFCatalogAware, line 128, in notifyWorkflowCreated
126 | wftool = getToolByName(self, 'portal_workflow', None)
127 | if wftool is not None:
128>| wftool.notifyCreated(self)
129 |
130 | # Opaque subitems
Module Products.CMFCore.WorkflowTool, line 354, in notifyCreated
352 | wfs = self.getWorkflowsFor(ob)
353 | for wf in wfs:
354>| wf.notifyCreated(ob)
355 | self._reindexWorkflowVariables(ob)
356 |
Module Products.DCWorkflow.DCWorkflow, line 388, in notifyCreated
386 | """
387 | try:
388>| self._changeStateOf(ob, None)
389 | except ( ObjectDeleted, ObjectMoved ):
390 | # Swallow.
Module Products.DCWorkflow.DCWorkflow, line 479, in _changeStateOf
477 | if sdef is None:
478 | break
479>| tdef = self._findAutomaticTransition(ob, sdef)
480 | if tdef is None:
481 | # No more automatic transitions.
Module Products.DCWorkflow.DCWorkflow, line 458, in _findAutomaticTransition
456 | t = self.transitions.get(tid, None)
457 | if t is not None and t.trigger_type == TRIGGER_AUTOMATIC:
458>| if self._checkTransitionGuard(t, ob):
459 | tdef = t
460 | break
Module Products.DCWorkflow.DCWorkflow, line 449, in _checkTransitionGuard
447 | if guard is None:
448 | return 1
449>| if guard.check(getSecurityManager(), self, ob, **kw):
450 | return 1
451 | return 0
Module Products.DCWorkflow.Guard, line 90, in check
088 | econtext = createExprContext(
089 | StateChangeInfo(ob, wf_def, kwargs=kw))
090>| res = expr(econtext)
091 | if not res:
092 | return 0
Module Products.CMFCore.Expression, line 44, in __call__
042 | # ?? Maybe expressions should manipulate the security
043 | # context stack.
044>| res = compiled(econtext)
045 | if isinstance(res, Exception):
046 | raise res
Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
045 | g = self._bind_used_names(econtext)
046 | g.update(self._globals)
047>| return eval(code, g, {})
048 |
049 |class _SecureModuleImporter:
Module Python expression "here.hasData()", line 1, in <expression>
Unauthorized: You are not allowed to access 'hasData' in this context