Unauthorized for browser pages protected with zope2.Public #2

Closed
davidjb opened this Issue · 4 comments

3 participants

@davidjb
Collaborator

When I use sauna.reload against something like collective.castle, I'm finding that browser pages (specified within a configure.zcml file) that are protected using the zope2.Public permission require Manager access. These browser pages, such as the following:

<browser:page
    for="*"
    name="castle_login_url"
    class=".browser.LoginUrl"
    permission="zope2.Public"
    />

work for anonymous users when loaded without sauna.reload but when sauna.reload is activated, they produce the following error:

Unauthorized: Your user account does not have the required permission. Access to 'castle_login_url' of (ATDocument at /Plone/front-page) denied. Your user account, Anonymous User, exists at /acl_users. Access requires Public__everyone_can_access_Permission, granted to the following roles: ['Manager']. Your roles in this context are ['Anonymous']

If I go ahead and change the permission over to zope.Public everything is fine, however.

Other resources in Plone's core that are protected by zope2.Public aren't affected.

@miohtama
Owner

Hmm. Sounds like some sort of issue initializing your product. Is the package in question using z3c.autoinclude?

@datakurre
Collaborator

Thanks @davidjb. I can confirm this and remember seeing this before. I'll look into this, but help is welcome, as usual.

@datakurre
Collaborator

Ok. We need to meta:redefinePermission from="zope2.Public" to="zope.Public" properly before loading "reloaded" products. I hope to have a patch soon.

@datakurre datakurre closed this in 09fd8e6
@davidjb
Collaborator

Fantastic, tested and working well. Thanks!
