Mikolaj Antoszkiewicz
2008-06-02 12:35:46 UTC
Hello,
I've been trying to contribute a document through
(Entity_viewContributeFile form) Entity_contributeContent script.
During processsing I get an anauthorized exception in
'processing_status_workflow' on here.hasData()
It looks like security is unset yet, and user doesn't have any
permissions to check for that Data. Giving Entity_contributeContent
proxy role works, but I'm sure there might be a better way...
My question is what could be the other way? Is this a known issue?
Miko?aj
P.S. When the document is created user has intentional full access to it
P.P.S. Traceback included:
* <PythonScript at /erp5/Entity_contributeContent used for
/erp5/requirement_module/5>
Line 20
* Module AccessControl.ZopeGuards, line 341, in guarded_apply
* Module AccessControl.ZopeGuards, line 363, in builtin_guarded_apply
* Module Products.ERP5.Tool.ContributionTool, line 246, in newContent
* Module Products.ERP5Type.WebDAVSupport, line 233, in PUT_factory
* Module Products.CMFCore.TypesTool, line 930, in constructContent
* Module Products.Experimental.patches.ERP5Type_always_init_script,
line 58, in ERP5TypeInformation_constructInstance
* Module Products.CMFCore.TypesTool, line 354, in _finishConstruction
* Module Products.CMFCore.CMFCatalogAware, line 128, in
notifyWorkflowCreated
* Module Products.CMFCore.WorkflowTool, line 354, in notifyCreated
* Module Products.DCWorkflow.DCWorkflow, line 388, in notifyCreated
* Module Products.DCWorkflow.DCWorkflow, line 479, in _changeStateOf
* Module Products.DCWorkflow.DCWorkflow, line 458, in
_findAutomaticTransition
* Module Products.DCWorkflow.DCWorkflow, line 449, in
_checkTransitionGuard
* Module Products.DCWorkflow.Guard, line 90, in check
* Module Products.CMFCore.Expression, line 44, in __call__
* Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
__traceback_info__: here.hasData()
* Module Python expression "here.hasData()", line 1, in <expression>
* Module AccessControl.ImplPython, line 727, in guarded_getattr
* Module AccessControl.ImplPython, line 669, in aq_validate
* Module AccessControl.ImplPython, line 563, in validate
* Module AccessControl.ImplPython, line 461, in validate
* Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission.
Access to 'hasData' of (OOoDocument at
/erp5/portal_contributions/test_document.odt) denied. Your user account,
boss, exists at /erp5/acl_users. Access requires one of the following
roles: ['Assignee', 'Assignor', 'Associate', 'Auditor', 'Author',
'Manager']. Your roles in this context are ['Authenticated', 'Member',
'Owner'].
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3229 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.tiolive.com/pipermail/erp5-dev/attachments/20080602/96cb9ff9/attachment.bin>
I've been trying to contribute a document through
(Entity_viewContributeFile form) Entity_contributeContent script.
During processsing I get an anauthorized exception in
'processing_status_workflow' on here.hasData()
It looks like security is unset yet, and user doesn't have any
permissions to check for that Data. Giving Entity_contributeContent
proxy role works, but I'm sure there might be a better way...
My question is what could be the other way? Is this a known issue?
Miko?aj
P.S. When the document is created user has intentional full access to it
P.P.S. Traceback included:
* <PythonScript at /erp5/Entity_contributeContent used for
/erp5/requirement_module/5>
Line 20
* Module AccessControl.ZopeGuards, line 341, in guarded_apply
* Module AccessControl.ZopeGuards, line 363, in builtin_guarded_apply
* Module Products.ERP5.Tool.ContributionTool, line 246, in newContent
* Module Products.ERP5Type.WebDAVSupport, line 233, in PUT_factory
* Module Products.CMFCore.TypesTool, line 930, in constructContent
* Module Products.Experimental.patches.ERP5Type_always_init_script,
line 58, in ERP5TypeInformation_constructInstance
* Module Products.CMFCore.TypesTool, line 354, in _finishConstruction
* Module Products.CMFCore.CMFCatalogAware, line 128, in
notifyWorkflowCreated
* Module Products.CMFCore.WorkflowTool, line 354, in notifyCreated
* Module Products.DCWorkflow.DCWorkflow, line 388, in notifyCreated
* Module Products.DCWorkflow.DCWorkflow, line 479, in _changeStateOf
* Module Products.DCWorkflow.DCWorkflow, line 458, in
_findAutomaticTransition
* Module Products.DCWorkflow.DCWorkflow, line 449, in
_checkTransitionGuard
* Module Products.DCWorkflow.Guard, line 90, in check
* Module Products.CMFCore.Expression, line 44, in __call__
* Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
__traceback_info__: here.hasData()
* Module Python expression "here.hasData()", line 1, in <expression>
* Module AccessControl.ImplPython, line 727, in guarded_getattr
* Module AccessControl.ImplPython, line 669, in aq_validate
* Module AccessControl.ImplPython, line 563, in validate
* Module AccessControl.ImplPython, line 461, in validate
* Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission.
Access to 'hasData' of (OOoDocument at
/erp5/portal_contributions/test_document.odt) denied. Your user account,
boss, exists at /erp5/acl_users. Access requires one of the following
roles: ['Assignee', 'Assignor', 'Associate', 'Auditor', 'Author',
'Manager']. Your roles in this context are ['Authenticated', 'Member',
'Owner'].
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3229 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mail.tiolive.com/pipermail/erp5-dev/attachments/20080602/96cb9ff9/attachment.bin>