Submitted by : 127.0.0.1 at: 2006-05-10T07:33:06+00:00 (11 years ago)

I have a user who can edit a page. Fine. After he tries to edit the page a SECOND time he is asked again for username/password. Regardless of what he types there (double-checked passwords/username) he gets a traceback afterwards:

Traceback (innermost last):

Module ZPublisher.Publish, line 187, in publish_module_standard
Module ZPublisher.Publish, line 144, in publish
Module Zope2.App.startup, line 199, in zpublisher_exception_hook
Module ZPublisher.Publish, line 113, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 40, in call_object
Module Products.ZWiki.Views, line 617, in editform
Module Shared.DC.Scripts.Bindings, line 311, in __call__
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
Module Products.PageTemplates.PageTemplateFile, line 110, in _exec
Module Products.PageTemplates.PageTemplate, line 104, in pt_render
<PageTemplateFile at /bss/dokuwiki/editform used for /bss/dokuwiki/BSSTire40>
Module TAL.TALInterpreter, line 206, in __call__
Module TAL.TALInterpreter, line 250, in interpret
Module TAL.TALInterpreter, line 711, in do_useMacro
Module TAL.TALInterpreter, line 250, in interpret
Module TAL.TALInterpreter, line 426, in do_optTag_tal
Module TAL.TALInterpreter, line 411, in do_optTag
Module TAL.TALInterpreter, line 406, in no_tag
Module TAL.TALInterpreter, line 250, in interpret
Module TAL.TALInterpreter, line 734, in do_defineSlot
Module TAL.TALInterpreter, line 250, in interpret
Module TAL.TALInterpreter, line 477, in do_setLocal_tal
Module Products.PageTemplates.TALES, line 221, in evaluate
URL: editform
Line 25, Column 4
Expression: <PythonExpr request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )>
Names:
{'container': <Folder at /bss/dokuwiki>,
 'context': <ZWikiPage 'BSSTire40' at 0x267ecd0>,
 'default': <Products.PageTemplates.TALES.Default instance at 0x01093D28>,
 'here': <ZWikiPage 'BSSTire40' at 0x267ecd0>,
 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x02450760>,
 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x0107FF58>,
 'nothing': None,
 'options': {'action': 'Change',
             'args': (<ZWikiPage 'BSSTire40' at 0x267ecd0>,
                      <HTTPRequest, URL=<someurl>ictlinux/bss/dokuwiki/BSSTire40/editform>),
             'id': 'BSSTire40',
             'oldid': 'BSSTire40',
             'page': 'BSSTire40',
             'text': '<H1>Root: Dokumentation BSS.tire 4.0</H1><BR><B>Verwandte Links:</B> BSSTirePlanung, BSSTireModule, BSSTireQualit\xc3\xa4tssicherung, BSSTireBesprechungen BSSTireObjekte <BR><BR><BR><BR>'},
 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x02450760>,
 'request': <HTTPRequest, URL=<someurl>ictlinux/bss/dokuwiki/BSSTire40/editform>,
 'root': <Application at >,
 'template': <PageTemplateFile at /bss/dokuwiki/editform used for /bss/dokuwiki/BSSTire40>,
 'traverse_subpath': [],
 'user': wolfi}
Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
__traceback_info__: request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )
Module Python expression "request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )", line 1, in <expression>
Unauthorized

BTW: the ´strange´ <someurl> are just searched and replaced by me for "http://" since ZWiki moaned during posting about external links ...

Best Regards,

ArnoPucher

Re: [#1261]? --Simon Michael, Wed, 10 May 2006 08:45:05 -0700 reply

ArnoPucher wrote:
> BTW: the ´strange´ <someurl> are just searched and replaced by me for "http://" since ZWiki moaned during posting about external links ...

I'm sorry about the moaning. :) That is annoying.. the max links anti-spam feature interferes with pasting tracebacks.

... --Simon Michael, Wed, 10 May 2006 09:38:13 -0700 reply

See that complex "log" expression around line 30 of editform.pt, which seems to be giving the unauthorized error. I wonder if it's just broken, and that code is usually not executed. Is restricted code able to access attributes directly, like here.last_editor and here.last_log ? I can't remember.. I'd have guessed no.

Can you look at that traceback in the error_log ? I think it might give a little more information about what's causing the unauthorized.

Traceback from ERROR_LOG --ArnoPucher, Thu, 11 May 2006 00:02:07 -0700 reply

The problem seems to be the access of "ZopeDateTime".

Traceback:

User Name (User Id)    wolfi (wolfi)
Request URL   http://ictlinux/bss/dokuwiki/Wolfgang/editform
Exception Type        Unauthorized
Exception Value       You are not allowed to access 'ZopeTime' in this context

Traceback (innermost last):

    * Module ZPublisher.Publish, line 113, in publish
    * Module ZPublisher.mapply, line 88, in mapply
    * Module ZPublisher.Publish, line 40, in call_object
    * Module Products.ZWiki.Views, line 617, in editform
    * Module Shared.DC.Scripts.Bindings, line 311, in __call__
    * Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
    * Module Products.PageTemplates.PageTemplateFile, line 110, in _exec
    * Module Products.PageTemplates.PageTemplate, line 104, in pt_render
      <PageTemplateFile at /bss/dokuwiki/editform used for /bss/dokuwiki/Wolfgang>
    * Module TAL.TALInterpreter, line 206, in __call__
    * Module TAL.TALInterpreter, line 250, in interpret
    * Module TAL.TALInterpreter, line 711, in do_useMacro
    * Module TAL.TALInterpreter, line 250, in interpret
    * Module TAL.TALInterpreter, line 426, in do_optTag_tal
    * Module TAL.TALInterpreter, line 411, in do_optTag
    * Module TAL.TALInterpreter, line 406, in no_tag
    * Module TAL.TALInterpreter, line 250, in interpret
    * Module TAL.TALInterpreter, line 734, in do_defineSlot
    * Module TAL.TALInterpreter, line 250, in interpret
    * Module TAL.TALInterpreter, line 477, in do_setLocal_tal
    * Module Products.PageTemplates.TALES, line 221, in evaluate
      URL: editform
      Line 25, Column 4
      Expression: <PythonExpr request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )>
      Names:

      {'container': <Folder at /bss/dokuwiki>,
       'context': <ZWikiPage 'Wolfgang' at 0x26abf10>,
       'default': <Products.PageTemplates.TALES.Default instance at 0x01093D28>,
       'here': <ZWikiPage 'Wolfgang' at 0x26abf10>,
       'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x027494E0>,
       'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x0107FF58>,
       'nothing': None,
       'options': {'action': 'Change',
                   'args': (<ZWikiPage 'Wolfgang' at 0x26abf10>,
                            <HTTPRequest, URL=http://ictlinux/bss/dokuwiki/Wolfgang/editform>),
                   'id': 'wolfgang',
                   'oldid': 'Wolfgang',
                   'page': 'wolfgang',
                   'text': '[MasterThesis]\n\n[BSSAdHocEDIEngine]\n\n[AKInstaller]'},
       'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x027494E0>,
       'request': <HTTPRequest, URL=http://ictlinux/bss/dokuwiki/Wolfgang/editform>,
       'root': <Application at >,
       'template': <PageTemplateFile at /bss/dokuwiki/editform used for /bss/dokuwiki/Wolfgang>,
       'traverse_subpath': [],
       'user': wolfi}

    * Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__
      __traceback_info__: request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )
    * Module Python expression "request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )", line 1, in <expression>

Unauthorized: You are not allowed to access 'ZopeTime' in this context

Guess the:

((editing and
 here.usernameFrom(request) == here.last_editor and
 here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or ''
 );

"here.ZopeTime() - here.lastEditTime()" might be the problem.

Are there any special user rights needed for querying those times?
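
An added illustration, not part of the original thread and not ZWiki or Zope code: because Python's `and` short-circuits, the expression from the traceback only reaches `here.ZopeTime()` when the current user equals `here.last_editor`, which is consistent with the error appearing on a second edit by the same user. `GuardedPage` is a hypothetical, simplified stand-in for restricted-code access checks, and the user names, times and log text are constructed.

```python
from types import SimpleNamespace

class Unauthorized(Exception):
    """Stand-in for the Unauthorized exception seen in the traceback."""

class GuardedPage:
    """Simplified model (assumption, not Zope's security machinery): access to
    a name in `denied` raises Unauthorized; every access is recorded."""
    def __init__(self, attrs, denied):
        self._attrs, self._denied, self.accessed = attrs, set(denied), []

    def __getattr__(self, name):
        if name.startswith("_"):
            raise AttributeError(name)
        self.accessed.append(name)
        if name in self._denied:
            raise Unauthorized(
                "You are not allowed to access '%s' in this context" % name)
        return self._attrs[name]

def log_default(here, request, editing):
    # The expression from the traceback, unchanged. dict.get() evaluates its
    # default argument eagerly, so this runs even when 'log' was submitted.
    return request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )

def evaluate(last_editor, denied):
    """Evaluate the expression for user 'wolfi'; return (result, names touched)."""
    request = SimpleNamespace(form={}, user="wolfi")
    here = GuardedPage({
        "usernameFrom": lambda req: req.user,
        "last_editor": last_editor,
        "ZopeTime": lambda: 100.5,       # constructed times, in days
        "lastEditTime": lambda: 100.0,
        "last_log": "fixed typo",        # constructed log message
    }, denied)
    try:
        result = log_default(here, request, editing=True)
    except Unauthorized as exc:
        result = "Unauthorized: %s" % exc
    return result, here.accessed

if __name__ == "__main__":
    cases = [("someone_else", {"ZopeTime"}),  # page last edited by another user
             ("wolfi", {"ZopeTime"}),         # second edit by the same user
             ("wolfi", set())]                # same user, access permitted
    for editor, denied in cases:
        print(editor, sorted(denied), evaluate(editor, denied))
```
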

Re: [#1261]? --ArnoPucher, Thu, 11 May 2006 00:12:27 -0700 reply

>I'm sorry about the moaning. :) That is annoying.. the max links anti-spam feature interferes with pasting tracebacks.

No problem. Guess it's the only way to fight off "SpamBots" ...

... --simon, Wed, 02 Aug 2006 15:12:24 -0700 reply

Name: '#1261 One time edit ...' => '#1261 always get a unauthorized error after second edit'

help me reproduce --simon, Wed, 02 Aug 2006 15:14:26 -0700 reply

Is this in plone ?

How are permissions configured and does this affect only users with certain roles ?

Roles have to do nothing with it .... --ArnoPucher, Thu, 16 Nov 2006 07:18:40 -0800 reply

If I give a user "manager" + "owner" + "zwiki_user" role. Same error ...

help me reproduce --ArnoPucher, Thu, 16 Nov 2006 07:53:13 -0800 reply

Also have a look @ PictureForIssue1261, hopefully that helps a little.

Is this still open? --betabug, Fri, 23 Feb 2007 11:29:45 +0000 reply

I can't reproduce it and I've checked on several "open" and "closed" zwikis.

As for the roles: Never give anybody the "owner" role. "Owner" is used only internally by Zope. Same goes for checking the "owner" role in the permission settings, usually just leave it as it is, it's meant for very special cases only.

Is this still open? --EmmaLaurijssens, Mon, 09 Apr 2007 00:26:50 +0000 reply

Can't reproduce either.

... --EmmaLaurijssens, Mon, 09 Apr 2007 00:27:04 +0000 reply

Status: open => closed