[z3-five] Re: __roles__ question.

[Philipp von Weitershausen]

Lennart Regebro wrote:
> Suddenly one of my functional tests to test access control stopped working.
> Now, it seems to work fine in real life (which is starting to piss me
> off! I must have spent at least half of my last two weeks to track
> down obscure errors that ONLY appears during the so-called unit
> tests!)
> 
> In this case I have gotten to the situation where I notice that my
> view (A SimleViewClass generated by an editform statement) has a
> __roles__ attribute.
> 
> Wtf? Why? When did it get there? What is it doing there? And why on
> earth is it set to ('Manager', )?

The __roles__ stuff was the old the way of specifying permissions for a
whole object (__roles__ and for methods (method_name__roles__). The Zope
security policy still checks this and nothing else. The "new" stuff like
ac_permissions and the even newer
security.declare{Public|Private|Protected} things are just syntactic
sugar. They are converted to the __roles__ stuff by
default__class_init__ a.k.a. InitializeClass.

> The permission for it is calendar.ModifyEvent, which by default is set
> up to ['Manager', 'EventOrganizer'].
> 
> Anybody know how to debug this? Does Five translate the permission to
> __roles__ in runtime? Is that where it breaks?

Again, it's not Five that's doing it. It's InitializeClass. I suspect
that in your test you're for some reason either missing the grant of the
calendar.ModifyEvent permission to the EventOrganizer role or your
object is missing a decent security context. The latter is unlikely, though.

Sorry, Zope 2 just is a mess there, especially when it comes to testing
stuff... I wish I could be more helpful.

Philipp