local grants don't work properly for objects with object fields
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Zope 3 | Won't Fix | Critical | Christian Theune | |
3.4 | Won't Fix | Critical | Christian Theune | |
Bug Description
Steps to reproduce this bug:
Install the families pkg provided in families.tgz,
this allows you to add two different components
Family and SimpleFamily in your ZMI.
Note that they differ in their interfaces in the way the mother (and father) fields are defined:
mother=
mother=
They are both protected by the same permissions/roles:
* in order to view families (simple families) one
needs families.View permission, respectively
the families.Reader role
* to edit them families.Edit permission is required
respectively the families.Editor role
Add a folder (say "folder") somewhere in your ZMI content space and within that folder some Family and SimpleFamily
objects (say "family" and "simplefamily") - at that point permissions don't matter yet - i.e. I added these objects as a privileged user with the zope.Manager role.
Make the folder a site and create a local user within that
site. This involves creating a pluggable
authentication utility (say pau) within the site
management folder (registering it), a principal folder
(say users) within the pau (registering it, going back to the configuration of the pau now using the users utility as an authenticator plugin and Zope Realm Basic Auth as Credential plugins) and creating a principal within the users principal folder (say a user "local").
Go to folder > Grant, search for the newly created local user in
/folder/
Create two more users say reader (with the families.Reader role) and user (with families.Reader and families.Editor roles) in your principals file. For convenience these are
already provided in extra/families-
can just include this file in your principals.zcml with
<include file="families-
Now you have 3 different users: reader and user from
your principals file and the local user of the folder
site. Note that the "local" user of the site has the same roles (permissions) as the "user" from the principals file.
Now try to access the two objects family and simplefamily with these three different users (in a different browser)
(6 possibilities altogether)
Whereas in the case of simplefamily the "local" user and the "user" from the principals file both have the same behaviour (and that is correct), the "local" user can't view the family object - this seems a bug to me.
As I am still learning about utilities, registration of them etc. there is a small chance that there is a configuration error on my behalf. (I can give even more
detailed explanations of how I created the pau, the users folder, the local user above). If someone proves me wrong
I would be glad to hear. I doubt it though, as everything
works fine for the simplefamily Object. The problem is only
with the family Object.
Changes: submitter email, importance (medium => critical), revised version_info, new comment
Based on the title, I would say this is a locating issue. I am not sure whether the widget should be responsible for locating the created object. Overall, I think object widgets were a bad idea anyways. ;-)