Ticket #9525 (confirmed Bug)

Opened 7 years ago

Last modified 4 years ago

Reviewer that sends back to contributor gets Insufficient Privileges

Reported by: aclark Owned by:
Priority: major Milestone: 4.x
Component: General Version: 4.2
Keywords: workflow, tuneup Cc: grahamperrin@…

Description

In 3.3. I haven't tested with 3.3.1 but assume it is still broken there. FWIW the action succeeds (i.e. the item wf does change back to private), but the Reviewer gets this:

2009-09-18 13:50:17 INFO Zope Ready to handle requests 2009-09-18 14:13:59 ERROR Zope.SiteErrorLog 1253297639.880.126935353256  http://127.0.0.1:8080/Plone/yay-i-can-contribute-content/document_view Traceback (innermost last):

Module ZPublisher.Publish, line 119, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 42, in call_object Module Shared.DC.Scripts.Bindings, line 313, in call Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec Module Products.CMFCore.FSPageTemplate, line 216, in _exec Module Products.CMFCore.FSPageTemplate, line 155, in pt_render Module Products.PageTemplates.PageTemplate, line 98, in pt_render Module zope.pagetemplate.pagetemplate, line 117, in pt_render

  • Warning: Macro expansion failed
  • Warning: AccessControl.unauthorized.Unauthorized: You are not allowed to access 'widget' in this context

Module zope.tal.talinterpreter, line 271, in call Module zope.tal.talinterpreter, line 346, in interpret Module zope.tal.talinterpreter, line 891, in do_useMacro Module zope.tal.talinterpreter, line 346, in interpret Module zope.tal.talinterpreter, line 536, in do_optTag_tal Module zope.tal.talinterpreter, line 521, in do_optTag Module zope.tal.talinterpreter, line 516, in no_tag Module zope.tal.talinterpreter, line 346, in interpret Module zope.tal.talinterpreter, line 891, in do_useMacro Module zope.tal.talinterpreter, line 346, in interpret Module zope.tal.talinterpreter, line 586, in do_setLocal_tal Module zope.tales.tales, line 696, in evaluate

  • URL: file:/Users/aclark/Developer/phoenix.workflow/eggs/Plone-3.3-py2.4.egg/Products/CMFPlone/skins/plone_templates/global_defines.pt
  • Line 8, Column 0
  • Expression: <PathExpr standard:u'plone_view/globalize'>
  • Names:

{'container': <PloneSite at /Plone>,

'context': <UnauthorizedBinding: context>, 'default': <object object at 0x1b4528>, 'here': <UnauthorizedBinding: context>, 'loop': {}, 'nothing': None, 'options': {'args': ()}, 'repeat': <Products.PageTemplates.Expressions.SafeMapping object at 0x73704e0>, 'request': <HTTPRequest, URL= http://127.0.0.1:8080/Plone/yay-i-can-contribute-content/document_view>, 'root': <Application at >, 'template': <FSPageTemplate at /Plone/document_view used for /Plone/yay-i-can-contribute-content>, 'traverse_subpath': [], 'user': <PloneUser 'jr'>}

Module zope.tales.expressions, line 217, in call Module Products.PageTemplates.Expressions, line 163, in _eval Module Products.PageTemplates.Expressions, line 125, in render Module Products.CMFPlone.browser.ploneview, line 74, in globalize Module Products.CMFPlone.browser.ploneview, line 118, in _initializeData Module plone.memoize.view, line 55, in memogetter Module plone.app.layout.globals.context, line 123, in object_title Module Products.CMFPlone.utils, line 158, in pretty_title_or_id Module Products.CMFPlone.utils, line 463, in base_hasattr Module Products.CMFPlone.utils, line 474, in safe_hasattr Module Shared.DC.Scripts.Bindings, line 184, in getattr

Unauthorized: You are not allowed to access 'Title' in this context

Change History

comment:1 Changed 7 years ago by aclark

and again, with formatting:

2009-09-18 13:50:17 INFO Zope Ready to handle requests
2009-09-18 14:13:59 ERROR Zope.SiteErrorLog 1253297639.880.126935353256 http://127.0.0.1:8080/Plone/yay-i-can-contribute-content/document_view
Traceback (innermost last):
  Module ZPublisher.Publish, line 119, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 42, in call_object
  Module Shared.DC.Scripts.Bindings, line 313, in __call__
  Module Shared.DC.Scripts.Bindings, line 350, in _bindAndExec
  Module Products.CMFCore.FSPageTemplate, line 216, in _exec
  Module Products.CMFCore.FSPageTemplate, line 155, in pt_render
  Module Products.PageTemplates.PageTemplate, line 98, in pt_render
  Module zope.pagetemplate.pagetemplate, line 117, in pt_render
   - Warning: Macro expansion failed
   - Warning: AccessControl.unauthorized.Unauthorized: You are not allowed to access 'widget' in this context
  Module zope.tal.talinterpreter, line 271, in __call__
  Module zope.tal.talinterpreter, line 346, in interpret
  Module zope.tal.talinterpreter, line 891, in do_useMacro
  Module zope.tal.talinterpreter, line 346, in interpret
  Module zope.tal.talinterpreter, line 536, in do_optTag_tal
  Module zope.tal.talinterpreter, line 521, in do_optTag
  Module zope.tal.talinterpreter, line 516, in no_tag
  Module zope.tal.talinterpreter, line 346, in interpret
  Module zope.tal.talinterpreter, line 891, in do_useMacro
  Module zope.tal.talinterpreter, line 346, in interpret
  Module zope.tal.talinterpreter, line 586, in do_setLocal_tal
  Module zope.tales.tales, line 696, in evaluate
   - URL: file:/Users/aclark/Developer/phoenix.workflow/eggs/Plone-3.3-py2.4.egg/Products/CMFPlone/skins/plone_templates/global_defines.pt
   - Line 8, Column 0
   - Expression: <PathExpr standard:u'plone_view/globalize'>
   - Names:
      {'container': <PloneSite at /Plone>,
       'context': <UnauthorizedBinding: context>,
       'default': <object object at 0x1b4528>,
       'here': <UnauthorizedBinding: context>,
       'loop': {},
       'nothing': None,
       'options': {'args': ()},
       'repeat': <Products.PageTemplates.Expressions.SafeMapping object at 0x73704e0>,
       'request': <HTTPRequest, URL=http://127.0.0.1:8080/Plone/yay-i-can-contribute-content/document_view>,
       'root': <Application at >,
       'template': <FSPageTemplate at /Plone/document_view used for /Plone/yay-i-can-contribute-content>,
       'traverse_subpath': [],
       'user': <PloneUser 'jr'>}
  Module zope.tales.expressions, line 217, in __call__
  Module Products.PageTemplates.Expressions, line 163, in _eval
  Module Products.PageTemplates.Expressions, line 125, in render
  Module Products.CMFPlone.browser.ploneview, line 74, in globalize
  Module Products.CMFPlone.browser.ploneview, line 118, in _initializeData
  Module plone.memoize.view, line 55, in memogetter
  Module plone.app.layout.globals.context, line 123, in object_title
  Module Products.CMFPlone.utils, line 158, in pretty_title_or_id
  Module Products.CMFPlone.utils, line 463, in base_hasattr
  Module Products.CMFPlone.utils, line 474, in safe_hasattr
  Module Shared.DC.Scripts.Bindings, line 184, in __getattr__
Unauthorized: You are not allowed to access 'Title' in this context

comment:2 Changed 6 years ago by limi

  • Priority changed from major to critical
  • Component changed from Unknown to Infrastructure

comment:3 Changed 6 years ago by naro

What are our options ? The only one I see is allow Reviewer to see items in private state. Simple publication workflow has private-pending-published states. Access/View permission in 'private' is granted to Contributor, Manager, Owner, Editor, Reader currently.

comment:4 Changed 6 years ago by grahamperrin

  • Cc grahamperrin@… added

comment:5 Changed 6 years ago by hannosch

  • Priority changed from critical to major

comment:6 Changed 4 years ago by eleddy

  • Keywords workflow, tuneup added; workflow removed
  • Version set to 4.2
  • severity set to Normal
  • Milestone 3.3.x deleted

comment:7 Changed 4 years ago by davisagli

  • Component changed from Infrastructure to General

comment:8 Changed 4 years ago by kleist

  • Status changed from new to confirmed

comment:9 Changed 4 years ago by kleist

  • Milestone set to 4.x
Note: See TracTickets for help on using tickets.