Submitted by : simon at: 2003-10-26T21:32:14+00:00 (14 years ago)
Name :
Category : Severity : Status :
Optional subject :  
Optional comment :

Using: 0-20-0 w/ Zope 2.6: Pages in my zWiki are set to "acquire" all permissions, save one page that's intentionally restricted to view only by managers. But one page set to "acquire" all permissions is mysteriously prompting anon visitors for username and password when they try to view it. Ironically, this page is called ZWikiMatters =}

The zWiki folder has "view" and "add comments" set to "acquire". See zWiki permissions problems at GeneralDiscussion for tweaks I'm making to the general permissions settings, which don't affect the problems with this one page.

The error message that it gives (for unauthetnicated attempts) is different from the error message given by the page w/restricted access, called SysAdminInfo.

For SysAdminInfo :

  Traceback (innermost last):

    * Module ZPublisher.Publish, line 150, in publish_module
    * Module ZPublisher.Publish, line 114, in publish
    * Module Zope, line 171, in zpublisher_exception_hook
    * Module ZPublisher.Publish, line 89, in publish
    * Module ZPublisher.BaseRequest, line 425, in traverse
    * Module ZPublisher.HTTPResponse, line 647, in unauthorized

For ZwikiMatters :

  Traceback (innermost last):

    * Module ZPublisher.Publish, line 150, in publish_module
    * Module ZPublisher.Publish, line 114, in publish
    * Module Zope, line 171, in zpublisher_exception_hook
    * Module ZPublisher.Publish, line 98, in publish
    * Module ZPublisher.mapply, line 88, in mapply
    * Module ZPublisher.Publish, line 39, in call_object
    * Module Products.ZWiki.ZWikiPage, line 265, in __call__
    * Module Products.ZWiki.ZWikiPage, line 278, in render
    * Module Products.ZWiki.ZWikiPage, line 405, in render_msgstxprelinkdtmlfitissuehtml
    * Module OFS.DTMLDocument, line 131, in __call__
    * Module DocumentTemplate.DT_String, line 474, in __call__
    * Module OFS.DTMLMethod, line 119, in __call__
    * Module DocumentTemplate.DT_String, line 474, in __call__
    * Module DocumentTemplate.DT_Let, line 76, in render
    * Module DocumentTemplate.DT_In, line 678, in renderwob
    * Module AccessControl.DTML, line 32, in guarded_getitem
    * Module AccessControl.ZopeGuards, line 94, in guarded_getitem

What's happeneing? I tried turning the existing page into an archive by renaming it, and creating a new page with that name --- and the behavior is the same.

thanks,

LaT


comments:

ideas --SimonMichael, 2003/07/20 06:21 GMT reply
Hi Laura - thanks for posting tracebacks, this helps a lot.

LaurazWiki:SysAdminInfo is clearly a straight no-permission-to-view-zope-object problem. Do you need to grant Access contents information permission ? In general a user must have this and View permission to view any zope object.

LaurazWiki:WhatAreProtoTools's traceback shows the page has been accessed ok but access is denied during evaluation of DTML embedded in the page. You have two dtml-vars - one or both are at fault.

Installing the VerboseSecurity? product might give more detail to help track this down.

ideas -- 2003/07/21 01:08 GMT reply

> LaurazWiki:SysAdminInfo is clearly a straight no-permission-to-view-zope-object problem.

Right, I only provided that as a comparison. It's working the way I want it to work.


> LaurazWiki:WhatAreProtoTools's traceback shows the page has been accessed ok but access is denied during evaluation of DTML embedded in the page. You have two dtml-vars - one or both are at fault.

Um, that page has a rendering problem, but it's just an artifact of modifying the default allowed page types. I have to open every page in the zWiki that predated the modification and resave again as STX to correct it. But I wasn't having trouble accessing it during tests as anon. Did you?

The page that gave me the problem was LaurazWiki:ZWikiMatters, now LaurazWiki:ZWikiMattersArchive. I've fixed it now but only by deleting the original and making anew page in the ZMI. It was mysterious and sticky: even a new page created with that name inherited the behavior, yesterday, but not today.


> Installing the VerboseSecurity?? product might give more detail to help track this down.

Well, the original trace back is above, the one for ZWikiMatters. I'd rather avoid getting into verbose trace backs, for as long as possible, anyway. =}

thanks.

Re: [IssueNo0553? access permissions denied on page set to acquire all] ideas --Simon Michael, 2003/07/21 18:04 GMT reply

> Right, I only provided that as a comparison. It's working the way I
> want it to work.

Oh. Good. :)


> Um, that page has a rendering problem, but it's just an artifact of
> modifying the default allowed page types. I have to open every page in
> the zWiki that predated the modification and resave again as STX to
> correct it. But I wasn't having trouble accessing it during tests as
> anon. Did you?
>
> The page that gave me the problem was LaurazWiki:ZWikiMatters, now

Ack, why did I write that. Sorry, I meant ZWikiMatters. When I viewed that page as anonymous it prompted for authentication. Same thing at LaurazWiki:ZWikiSphere. I have the impression the dtml-vars are doing something anonymous doesn't have permission for.

property change --simon, Mon, 25 Oct 2004 23:29:59 -0700 reply
Category: admin-creatingconfiguring => general Status: open => closed

boobs -- Thu, 24 Mar 2005 19:22:15 -0800 reply