Ticket #14363 (new Bug)
Opened 20 months ago
Regression in ATImage/plone.app.imaging (accessing /image for images) between Plone 4.0 and 4.3?
Reported by: | ajung | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | 4.x |
Component: | Unknown | Version: | 4.3 |
Keywords: | | Cc: | |
Description
We are working on a Plone 4.0.5 to 4.3.3 migration where we have trouble with image URLs that end up with /image. Using http://host:port/plone/path/to/image.jpg/image did work in Plone 4.0. After running the Plone migration process without error we can only access image scales like /image_thumb, /image_small but /image is no longer working. It fails with an Unauthorized exception (even as Manager). Is this a regression and an intentional change?
The BlobWrapper.index_html method has an explicit declareProtected(View) declaration. But why should a Manager be disallowed to access this field while he can access all other image scales of the same ImageField?
-aj
--
/home/ajung/sandboxes/ise_buildout/eggs/Zope2-2.13.22-py2.7.egg/ZServer/PubCore/ZServerPublisher.py(31)init()
-> response=b)
/home/ajung/sandboxes/ise_buildout/eggs/Zope2-2.13.22-py2.7.egg/ZPublisher/Publish.py(455)publish_module()
-> environ, debug, request, response)
/home/ajung/sandboxes/ise_buildout/eggs/Zope2-2.13.22-py2.7.egg/ZPublisher/Publish.py(249)publish_module_standard()
-> response = publish(request, module_name, after_list, debug=debug)
/home/ajung/sandboxes/ise_buildout/eggs/Zope2-2.13.22-py2.7.egg/ZPublisher/Publish.py(127)publish()
-> object=request.traverse(path, validated_hook=validated_hook)
/home/ajung/sandboxes/ise_buildout/eggs/Zope2-2.13.22-py2.7.egg/ZPublisher/BaseRequest.py(614)traverse()
-> else: user=v(request, auth, self.roles)
/home/ajung/sandboxes/ise_buildout/eggs/Products.PluggableAuthService-1.10.0-py2.7.egg/Products/PluggableAuthService/PluggableAuthService.py(267)validate()
-> , roles
/home/ajung/sandboxes/ise_buildout/eggs/Products.PluggableAuthService-1.10.0-py2.7.egg/Products/PluggableAuthService/PluggableAuthService.py(899)authorizeUser()
-> , roles
/home/ajung/sandboxes/isebuildout/eggs/AccessControl-3.0.8-py2.7-linux-x86_64.egg/AccessControl/ImplPython.py(555)validate()
-> self.context, roles)
/home/ajung/sandboxes/isebuildout/eggs/AccessControl-3.0.8-py2.7-linux-x86_64.egg/AccessControl/ImplPython.py(443)validate()
-> required_roles=roles, user=context.user)
/home/ajung/sandboxes/ise_buildout/eggs/AccessControl-3.0.8-py2.7-linux-x86_64.egg/AccessControl/ImplPython.py(797)raiseVerbose()
-> raise Unauthorized(text)
/home/ajung/sandboxes/ise_buildout/eggs/zExceptions-2.13.0-py2.7.egg/zExceptions/unauthorized.py(43)init()
-> if name is None and (
(Pdb) text
"Your user account is defined outside the context of the object being accessed. Access to 'index_html' of (bound method BlobWrapper.index_html of (plone.app.blob.field.BlobWrapper object at 0x7feca81ae398)), acquired through (plone.app.blob.field.BlobWrapper object at 0x7feca81ae398), denied. Your user account, admin, exists at /acl_users. Access requires View_Permission, granted to the following roles: Manager?."
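The error text above reports that the admin account holds the required role yet is denied because it is "defined outside the context of the object being accessed". As an added illustration (not code from the ticket, Plone or AccessControl; every class and function name here is hypothetical), this simplified model shows how a check that combines role membership with a containment-chain test yields that result for an object that has no parent chain.

```python
# Simplified model (not AccessControl's code) of a two-part authorization
# check: the user must hold a required role AND the accessed object must sit
# inside the container that owns the user's acl_users folder.

class Node:
    """Constructed stand-in for an object with a containment parent."""
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent


def in_context_of(obj, context):
    """Walk obj's parent chain; True only if `context` is found on it."""
    while obj is not None:
        if obj is context:
            return True
        obj = obj.parent
    return False


class User:
    def __init__(self, name, roles, user_folder):
        self.name = name
        self.roles = set(roles)
        self.user_folder = user_folder  # the acl_users node holding this user

    def allowed(self, obj, required_roles):
        """Return (granted, reason) for access to obj."""
        if not self.roles & set(required_roles):
            return False, "missing role"
        # The context is the container of the user folder (root for /acl_users).
        context = self.user_folder.parent
        if not in_context_of(obj, context):
            return False, "user defined outside the context of the object"
        return True, "ok"


# Constructed sample tree: /acl_users and /plone/image.jpg
root = Node("")
acl_users = Node("acl_users", root)
plone = Node("plone", root)
image = Node("image.jpg", plone)
wrapped_field = Node("image", image)  # parent chain leads back to root
bare_field = Node("image")            # same kind of object, no parent chain

admin = User("admin", ["Manager"], acl_users)
```

In this model `admin.allowed(wrapped_field, ["Manager"])` is granted, while the same call on `bare_field` is refused on the context test even though the role matches.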