accessing the SMI directly if public view access restrictions is set leads to AttributeError instead of authorization
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Silva |
Fix Released
|
Medium
|
Joachim Scmitz |
Bug Description
Steps to reproduce:
a) set an access restriction on the Silva Root of
e.g. "Viewer" (at least not authenticated)
b) logout or resart the browser
c) go directly to the SMI without visiting the public view
instead of an authorization popup one gets an error page with
an AttributeError
This has been originally reported by Samuel Schluep in
http://
(and earlier by myself in
http://
but I did not figure out that the view restriction is an important part
of the puzzle, so nobody has been able to reproduce this :-/ )
Surprisingly this does not cause problems when accessing the SMI
via appending "/edit/tab_edit", only when appending "/edit"
A possible fix is to declare a security restriction on
the "edit" attribute of SilvaObject.
I have just checked this and it seems to work.
Before I check in anything related to this issue, could please someone
else try to reploduce it?
Hi Clemens,
We have discovered this bug a couple of weeks ago, but didn't submit it becasue
we couldn't figure out whether it really was a silva bug or something we were
doing wrong with our general zope permission settings!
So yes, I can reproduce this with Silva 0.9.2.5.