Skip to content

Can not access manage_access as an admin #225

New issue
New issue
Open
Open
Can not access manage_access as an admin#225
@gforcada

Description

@gforcada
gforcada
opened on Mar 4, 2024

At work we recently upgraded from Plone 5.2.x to 6.0.7 and since then I noticed that I can not go to a comment's /manage_access ZMI view anymore (to check permissions and so on).

Testing it locally with a vanilla Plone instance seems to be the case as well:

Traceback (innermost last):

    Module ZPublisher.WSGIPublisher, line 181, in transaction_pubevents
    Module ZPublisher.WSGIPublisher, line 391, in publish_module
    Module ZPublisher.WSGIPublisher, line 285, in publish
    Module ZPublisher.mapply, line 98, in mapply
    Module ZPublisher.WSGIPublisher, line 68, in call_object
    Module OFS.role, line 112, in manage_access
    Module Shared.DC.Scripts.Bindings, line 333, in __call__
    Module Shared.DC.Scripts.Bindings, line 370, in _bindAndExec
    Module App.special_dtml, line 222, in _exec
    Module DocumentTemplate._DocumentTemplate, line 144, in render_blocks
    Module DocumentTemplate._DocumentTemplate, line 245, in render_blocks_
    Module DocumentTemplate.DT_With, line 86, in render
    Module DocumentTemplate._DocumentTemplate, line 144, in render_blocks
    Module DocumentTemplate._DocumentTemplate, line 222, in render_blocks_
    Module DocumentTemplate.DT_Util, line 215, in eval
    __traceback_info__: o
    Module <string>, line 1, in <module>
    Module AccessControl.ImplPython, line 766, in guarded_getattr
    Module AccessControl.ImplPython, line 708, in aq_validate
    Module AccessControl.ImplPython, line 596, in validate
    Module AccessControl.ImplPython, line 325, in validate
    Module AccessControl.ImplPython, line 845, in raiseVerbose

AccessControl.unauthorized.Unauthorized: The container has no security assertions.  Access to 'meta_type' of (plone.app.discussion.comment.Comment object at 0x7f2d1bb81f60 oid 0x4bf1 in (ZODB.Connection.Connection object at 0x7f2d25df8150)) denied.

It's the first time I see this security assertions problem together with this meta_type... any leads? 🤔

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions