Closed hekl closed 4 years ago
Henk Laloli wrote at 2020-3-20 15:57 -0700:
I have upgrade my existing zope2 to zope4. Locally it works fine. On the server it gives an exception for every page with a ZSQL method in the web view. Other pages have no problem . It is this error:
Error Type: Unauthorized Error Value: Your user account does not have the required permission. Access to 'sqlQuery' of (OrderedFolder at /mysite/folder) denied. Your user account, Anonymous User, exists at /acl_users. Access requires Use_Database_Methods_Permission, granted to the following roles: ['Authenticated', 'Manager']. Your roles in this context are ['Anonymous'].
This error message is quite clear:
Apparently, an "Anonymous" user is trying to access a ZSQLMethod
,
protected by the Use_Database_Methods_Permission
.
In your setup, this permission is granted to the roles
'Authenticated'
and 'Manager'
, but not Anonymous
.
The result must be an Unauthorized
exception.
If you are confident that the use of this particular ZSQLMethod
is
safe for use by anonymous users (in general, SQL methods might pose
a risk), then you can grant the permission
Use_Database_Methods_Permission
for this object to Anonymous
.
There used to be a ZMI tab for this (likely labeled Permissions
).
In new versions, this tab might have been suppressed (because
in a larger (--> "CMFCore", "Plone", ...) context, its use
can easily break things). In this case, appending "/manage_access"
to the sql method url will allow you to manage the permission to
role management for this object.
The ZMI tab is called "Security" and it still exists on all ZMI objects. It is not and has never been hidden.
Thanks for your reply. Indeed in the ZMI not much has changed. But your comment made me look at the permissions at highest level. The permission role for Anonymous user to "use database methods" was not on. In my old zope is was. That solved it.
I have upgrade my existing zope2 to zope4 (4.1.3, python 3.6.9, linux). Locally it works fine. On the server it gives an exception for every page with a ZSQL method in the web view. Other pages have no problem . It is this error:
Traceback (innermost last): Module ZPublisher.WSGIPublisher, line 156, in transaction_pubevents Module ZPublisher.WSGIPublisher, line 338, in publish_module Module ZPublisher.WSGIPublisher, line 256, in publish Module ZPublisher.mapply, line 85, in mapply Module ZPublisher.WSGIPublisher, line 62, in call_object Module OFS.DTMLMethod, line 177, in call