Menu
▾
▴
#27 ZSyncerTool: not allowed to execute isObjectDiffable
open
nobody
None
5
2006-04-12
2006-04-12
Anonymous
No
We're running zope 2.7.6 and Plone 2.0.5, and I noticed
the following problem in ZSyncer 0.7.1
The ZSyncerTool provides the action zsyncer_diff
The condition with this action is:
python:portal.portal_zsyncer.isObjectDiffable(object)
And the permission is: ZSYNC_PERMISSION
Now if an anonymous user accesses the site, a security
error is thrown. Apparently zope (or plone?) first
checks the condition, before checking the permission.
(Needless to say: the anonymous user doesn't have the
ZSYNC_PERMISSION permission)
I fixed it in a rather ugly but effective way: I
changed the condition to:
python:
portal.portal_membership.checkPermission("ZSyncer: Use
ZSyncer", object) and
portal.portal_zsyncer.isObjectDiffable(object)
Hope this helps. Thanks for the good work on the ZSyncer!
Huub (bouma@wyldebeast-wunderliebe.com)
Logged In: YES
user_id=38329
Apparently I failed to try it on Plone without being logged
in :-( CMFDefault seems to work differently so I never
noticed a problem there.
Can you try the attached patch and change the permission
back? If it works for you I will commit and it'll go in a
0.7.2 bugfix release. Thanks.