I have a user which can edit a page. Fine. After he tries to edit the page a SECOND time he is asked again for username/password. Reagardless what he types there (doublechecked passwords/username) he gets a traceback afterwards:
Traceback (innermost last): Module ZPublisher.Publish, line 187, in publish_module_standard Module ZPublisher.Publish, line 144, in publish Module Zope2.App.startup, line 199, in zpublisher_exception_hook Module ZPublisher.Publish, line 113, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module Products.ZWiki.Views, line 617, in editform Module Shared.DC.Scripts.Bindings, line 311, in __call__ Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec Module Products.PageTemplates.PageTemplateFile, line 110, in _exec Module Products.PageTemplates.PageTemplate, line 104, in pt_render <PageTemplateFile at /bss/dokuwiki/editform used for /bss/dokuwiki/BSSTire40> Module TAL.TALInterpreter, line 206, in __call__ Module TAL.TALInterpreter, line 250, in interpret Module TAL.TALInterpreter, line 711, in do_useMacro Module TAL.TALInterpreter, line 250, in interpret Module TAL.TALInterpreter, line 426, in do_optTag_tal Module TAL.TALInterpreter, line 411, in do_optTag Module TAL.TALInterpreter, line 406, in no_tag Module TAL.TALInterpreter, line 250, in interpret Module TAL.TALInterpreter, line 734, in do_defineSlot Module TAL.TALInterpreter, line 250, in interpret Module TAL.TALInterpreter, line 477, in do_setLocal_tal Module Products.PageTemplates.TALES, line 221, in evaluate URL: editform Line 25, Column 4 Expression: <PythonExpr request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )> Names: {'container': <Folder at /bss/dokuwiki>, 'context': <ZWikiPage 'BSSTire40' at 0x267ecd0>, 'default': <Products.PageTemplates.TALES.Default instance at 0x01093D28>, 'here': <ZWikiPage 'BSSTire40' at 0x267ecd0>, 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x02450760>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x0107FF58>, 'nothing': None, 'options': {'action': 'Change', 'args': (<ZWikiPage 'BSSTire40' at 0x267ecd0>, <HTTPRequest, URL=<someurl>ictlinux/bss/dokuwiki/BSSTire40/editform>), 'id': 'BSSTire40', 'oldid': 'BSSTire40', 'page': 'BSSTire40', 'text': '<H1>Root: Dokumentation BSS.tire 4.0</H1><BR><B>Verwandte Links:</B> BSSTirePlanung, BSSTireModule, BSSTireQualit\xc3\xa4tssicherung, BSSTireBesprechungen BSSTireObjekte <BR><BR><BR><BR>'}, 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x02450760>, 'request': <HTTPRequest, URL=<someurl>ictlinux/bss/dokuwiki/BSSTire40/editform>, 'root': <Application at >, 'template': <PageTemplateFile at /bss/dokuwiki/editform used for /bss/dokuwiki/BSSTire40>, 'traverse_subpath': [], 'user': wolfi} Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__ __traceback_info__: request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' ) Module Python expression "request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )", line 1, in <expression> Unauthorized
BTW: the ´strange´ <someurl> are just searched and replaces by me for "http://" since ZWiki moaned dureing posting about external links ...
Best Regards,
ArnoPucher
Re: [#1261]? --Simon Michael, Wed, 10 May 2006 08:45:05 -0700 reply
ArnoPucher wrote: > BTW: the ´strange´ <someurl> are just searched and replaces by me for "http://" since ZWiki moaned dureing posting about external links ...
I'm sorry about the moaning. :) That is annoying.. the max links anti-spam feature interferes with pasting tracebacks.
... --Simon Michael, Wed, 10 May 2006 09:38:13 -0700 reply
See that complex "log" expression around line 30 of editform.pt, which seems to be giving the unauthorized error. I wonder if it's just broken, and that code is usually not executed. Is restricted code able to access attributes directly, like here.last_editor and here.last_log ? I can't remember.. I'd have guessed no.
Can you look at that traceback in the error_log ? I think it might give a little more information about what's causing the unauthorized.
Traceback from ERROR_LOG --ArnoPucher, Thu, 11 May 2006 00:02:07 -0700 reply
The problem seems to be the access of "ZopeDateTime?".
Traceback:
User Name (User Id) wolfi (wolfi) Request URL http://ictlinux/bss/dokuwiki/Wolfgang/editform Exception Type Unauthorized Exception Value You are not allowed to access 'ZopeTime' in this context Traceback (innermost last): * Module ZPublisher.Publish, line 113, in publish * Module ZPublisher.mapply, line 88, in mapply * Module ZPublisher.Publish, line 40, in call_object * Module Products.ZWiki.Views, line 617, in editform * Module Shared.DC.Scripts.Bindings, line 311, in __call__ * Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec * Module Products.PageTemplates.PageTemplateFile, line 110, in _exec * Module Products.PageTemplates.PageTemplate, line 104, in pt_render <PageTemplateFile at /bss/dokuwiki/editform used for /bss/dokuwiki/Wolfgang> * Module TAL.TALInterpreter, line 206, in __call__ * Module TAL.TALInterpreter, line 250, in interpret * Module TAL.TALInterpreter, line 711, in do_useMacro * Module TAL.TALInterpreter, line 250, in interpret * Module TAL.TALInterpreter, line 426, in do_optTag_tal * Module TAL.TALInterpreter, line 411, in do_optTag * Module TAL.TALInterpreter, line 406, in no_tag * Module TAL.TALInterpreter, line 250, in interpret * Module TAL.TALInterpreter, line 734, in do_defineSlot * Module TAL.TALInterpreter, line 250, in interpret * Module TAL.TALInterpreter, line 477, in do_setLocal_tal * Module Products.PageTemplates.TALES, line 221, in evaluate URL: editform Line 25, Column 4 Expression: <PythonExpr request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )> Names: {'container': <Folder at /bss/dokuwiki>, 'context': <ZWikiPage 'Wolfgang' at 0x26abf10>, 'default': <Products.PageTemplates.TALES.Default instance at 0x01093D28>, 'here': <ZWikiPage 'Wolfgang' at 0x26abf10>, 'loop': <Products.PageTemplates.TALES.SafeMapping object at 0x027494E0>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x0107FF58>, 'nothing': None, 'options': {'action': 'Change', 'args': (<ZWikiPage 'Wolfgang' at 0x26abf10>, <HTTPRequest, URL=http://ictlinux/bss/dokuwiki/Wolfgang/editform>), 'id': 'wolfgang', 'oldid': 'Wolfgang', 'page': 'wolfgang', 'text': '[MasterThesis]\n\n[BSSAdHocEDIEngine]\n\n[AKInstaller]'}, 'repeat': <Products.PageTemplates.TALES.SafeMapping object at 0x027494E0>, 'request': <HTTPRequest, URL=http://ictlinux/bss/dokuwiki/Wolfgang/editform>, 'root': <Application at >, 'template': <PageTemplateFile at /bss/dokuwiki/editform used for /bss/dokuwiki/Wolfgang>, 'traverse_subpath': [], 'user': wolfi} * Module Products.PageTemplates.ZRPythonExpr, line 47, in __call__ __traceback_info__: request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' ) * Module Python expression "request.form.get('log', ((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' )", line 1, in <expression> Unauthorized: You are not allowed to access 'ZopeTime' in this context
Guess the:
((editing and here.usernameFrom(request) == here.last_editor and here.ZopeTime() - here.lastEditTime() < 1) and here.last_log) or '' );
"here.ZopeTime?() - here.lastEditTime()" might be the problem.
Are there any special user rights needed for querying that times ?
Re: [#1261]? --ArnoPucher, Thu, 11 May 2006 00:12:27 -0700 reply
>I'm sorry about the moaning. :) That is annoying.. the max links anti-spam feature interferes with pasting tracebacks.
No problem. Guess its the only way to fight off "SpamBots" ...
... --simon, Wed, 02 Aug 2006 15:12:24 -0700 reply
Name: '#1261 One time edit ...' => '#1261 always get a unauthorized error after second edit'
help me reproduce --simon, Wed, 02 Aug 2006 15:14:26 -0700 reply
Is this in plone ?
How are permissions configured and does this affect only users with certain roles ?
Roles have to do nothing with it .... --ArnoPucher, Thu, 16 Nov 2006 07:18:40 -0800 reply
If I give a user "manager" + "owner" + "zwiki_user" role. Same error ...
help me reproduce --ArnoPucher, Thu, 16 Nov 2006 07:53:13 -0800 reply
also have a look @ PictureForIssue1261 hopefully that helps little
Is this still open? --betabug, Fri, 23 Feb 2007 11:29:45 +0000 reply
I can't reproduce it and I've checked on several "open" and "closed" zwikis.
As for the roles: Never give anybody the "owner" role. "Owner" is used only zope internal. Same goes for checking the "owner" role in the permission settings, usually just leave it as it is, it's meant for very special cases only.
Is this still open? --EmmaLaurijssens, Mon, 09 Apr 2007 00:26:50 +0000 reply
Can't reproduce either.
... --EmmaLaurijssens, Mon, 09 Apr 2007 00:27:04 +0000 reply
Status: open => closed