CookieCrumbler: unauth redirect broken
Bug #558340 reported by
yuppie
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope CMF buildout |
Confirmed
|
Medium
|
Unassigned |
Bug Description
Expected behavior: If you try to view e.g. the reconfig_form without being logged in, you should be redirected to the login form specified in 'auto_login_page' of your CookieCrumbler instance.
This works e.g. with CMF 2.1 and Zope 2.10, but is broken with CMF trunk and Zope trunk.
Here is a summary of what I figured out so far:
In old Zope versions SimpleItem.
I guess CookieCrumbler should hook in somewhere else.
To post a comment you must log in.
On Zope 2.12.4 + CMF 2.2 I get the following traceback:
2010-04-08 12:25:36 ERROR Zope.SiteErrorLog 1270722336. 790.43264095231 8 http:// localhost: 11080/advitam/ reconfig_ form CMFCore. FSPythonScript, line 130, in __call__ DC.Scripts. Bindings, line 324, in __call__ DC.Scripts. Bindings, line 361, in _bindAndExec PythonScripts. PythonScript, line 344, in _exec reconfig_ form> CMFCore. ActionProviderB ase, line 147, in getActionInfo
Traceback (innermost last):
Module ZPublisher.Publish, line 127, in publish
Module ZPublisher.mapply, line 77, in mapply
Module ZPublisher.Publish, line 47, in call_object
Module Products.
Module Shared.
Module Shared.
Module Products.
Module script, line 19, in reconfig_form
- <FSPythonScript at /advitam/
- Line 19
Module Products.
Unauthorized: You are not allowed to access any of the specified Actions.
The offending line is Info('global/ configPortal' )['url' ]
target = atool.getAction
Accessing unpublished content, etc. for which the user doesn't have the View permission still redirects to the login_form. I'd rather have as much access controlled through permissions as possible.