Zope 2

Cannot call "manage_copyObjects" from script with proxy roles

Bug #142717 reported by Chris McDonough on 2003-09-23

Affects		Status	Importance	Assigned to	Milestone
	Zope 2	Fix Released	Low	Unassigned

Bug Description

Script has proxy-role for manager and is called by anonymous:

id='foo'
clip=context.manage_copyObjects([id])
context.manage_pasteObjects(cb_copy_data=clip)

Error-message:

"The action against the id object could not be carried out. One of the following constraints caused the problem:

The object does not support this operation.

-- OR --

The currently logged-in user does not have the Copy or Move permission respective to the object. "

"You are not authorized to access this resource."

Tags:

Revision history for this message

Dieter Maurer (d.maurer) wrote on 2003-11-13:

patch (attachment leads to
insufficient privileges)

--- CopySupport.py~ 2003-06-10 09:10:14.000000000 +0200
+++ CopySupport.py 2003-11-13 14:40:08.000000000 +0100
@@ -23,6 +23,11 @@
from zExceptions import Unauthorized
from AccessControl import getSecurityManager

+# for "_verifyObjectPaste" fix
+from Globals import InitializeClass
+from Acquisition import Implicit
+from AccessControl import ClassSecurityInfo
+
CopyError='Copy Error'

_marker=[]
@@ -335,7 +340,15 @@
break

         if mt_permission is not None:
- if getSecurityManager().checkPermission( mt_permission, self ):
+ # DM: the following does not take executable security (owner
+ # ship, proxy roles) into account.
+ #if getSecurityManager().checkPermission( mt_permission, self ):
+ class _Proxy(Implicit):
+ security= ClassSecurityInfo()
+ _Proxy.security.declareObjectProtected(mt_permission)
+ InitializeClass(_Proxy)
+ _proxy= _Proxy().__of__(self)
+ if getSecurityManager().validate(None,self,None,_proxy):
                 if not validate_src:
                     return
                 # Ensure the user is allowed to access the object on the

Revision history for this message

Andreas Jung (ajung) wrote on 2003-11-18:

This patch applies only to the 2.6 branch but it can not
be applied to the 2.7 branch since the code there is
different.

-aj

Revision history for this message

Tres Seaver (tseaver) wrote on 2010-05-16:

Needs reverification on a modern Zope.

Changed in zope2:
importance:	Medium → Low
status:	New → Triaged

Revision history for this message

Jens Vagelpohl (dataflake-deactivatedaccount-deactivatedaccount) wrote on 2010-06-16:

This issue has been fixed along the way, I can run the example script without issues on Zope 2.12.8dev and get a copied instance in the ZODB.

Changed in zope2:
status:	Triaged → Fix Released
assignee:	nobody → Jens Vagelpohl (jens-dataflake)

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #142782

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.