Steps to reproduce:
- create user1 and user2 with their calendars
- create a public event in user1's calendar
- give user2 access rights to it (WorkspaceReader? on the workspace and
Reader on the calendar itself).
- change user2's calendar to register user1 calendar
Problem:
user2 see the event but cannot click on it to see the details since it triggers two consecutive uncatched Unauthorized exceptions:
2006-08-01 10:46:05 BLATHER Zope Security Policy Unauthorized: Your user account does not have the required permission. Access to u'event.html' of (ZODBEvent at /cps/members/user2/calendar/event/20060801T094539-storage-2@localhost.localdomain) denied. Your user account, user2, exists at /cps/acl_users. Access requires one of the following roles: ['AttendeeReader', 'EventParticipant', 'Manager', 'WorkspaceReader']. Your roles in this context are ['Anonymous', 'AttendeeManager', 'Authenticated', 'Member', 'Owner', 'WorkspaceManager'].
2006-08-01 10:46:05 BLATHER Zope Security Policy Unauthorized: Your user account does not have the required permission. Access to u'event.html' of (ZODBEvent at /cps/members/user2/calendar/event/20060801T094539-storage-2@localhost.localdomain) denied. Your user account, Anonymous User, exists at /acl_users. Access requires one of the following roles: ['AttendeeReader', 'EventParticipant', 'Manager', 'WorkspaceReader']. Your roles in this context are ['Anonymous'].
2006-08-01 10:46:05 ERROR root Exception while rendering an error message
Traceback (most recent call last):
File "/opt/Zope-2.9/lib/python/OFS/SimpleItem.py", line 223, in raise_standardErrorMessage
v = s(**kwargs)
File "/opt/Zope-2.9/lib/python/Shared/DC/Scripts/Bindings.py", line 311, in __call__
return self._bindAndExec(args, kw, None)
File "/opt/Zope-2.9/lib/python/Shared/DC/Scripts/Bindings.py", line 348, in _bindAndExec
return self._exec(bound_data, args, kw)
File "/home/ogrisel/instances/zope29/Products/CMFCore/FSPageTemplate.py", line 195, in _exec
result = self.pt_render(extra_context=bound_names)
File "/home/ogrisel/instances/zope29/Products/CMFCore/FSPageTemplate.py", line 134, in pt_render
result = FSPageTemplate.inheritedAttribute('pt_render')(
File "/opt/Zope-2.9/lib/python/Products/PageTemplates/PageTemplate.py", line 104, in pt_render
tal=not source, strictinsert=0)()
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 238, in __call__
self.interpret(self.program)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 281, in interpret
handlers[opcode](self, args)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 457, in do_optTag_tal
self.do_optTag(stuff)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 442, in do_optTag
return self.no_tag(start, program)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 437, in no_tag
self.interpret(program)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 281, in interpret
handlers[opcode](self, args)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 749, in do_useMacro
self.interpret(macro)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 281, in interpret
handlers[opcode](self, args)
File "/opt/Zope-2.9/lib/python/TAL/TALInterpreter.py", line 507, in do_setLocal_tal
self.engine.setLocal(name, self.engine.evaluateValue(expr))
File "/opt/Zope-2.9/lib/python/Products/PageTemplates/TALES.py", line 221, in evaluate
return expression(self)
File "/opt/Zope-2.9/lib/python/Products/PageTemplates/ZRPythonExpr.py", line 47, in __call__
return eval(code, g, {})
File "Python expression "mtool.assertViewable(here)"", line 1, in <expression>
File "/home/ogrisel/instances/zope29/Products/CPSCore/CPSMembershipTool.py", line 112, in assertViewable
raise Unauthorized
