Hi there,
we have a private Plone Folder (in Plone 4.3.X) 'tester1' where the account 'tester1' has the local roles Contributor, Reviewer, Editor, Reader:
>>> doc = app.restrictedTraverse('inst/eforen/security-test/tester1')
>>> doc._p_jar.sync()
>>> doc.__ac_local_roles__
{'aj2': ['Owner'], 'tester1': [u'Contributor', u'Reviewer', u'Editor', u'Reader']}
Inheritance for local roles is disabled:
>>> doc.__ac_local_roles_block__
True
The 'View' permission is mapped to these roles:
According to the local roles and the permission mapping for 'View', the account 'tester1' should be able to view
the folder 'tester1'.
However Unauthorized is being raised:
Unauthorized: Your user account does not have the required permission.
Access to 'macros' of (FSPageTemplate at /inst/eforen/security-test/tester1/main_template) denied.
Your user account, tester1, exists at /inst/acl_users. Access requires View_Permission, granted to the following roles: ['Contributor', 'Editor', 'GroupAdmin', 'Manager', 'Owner', 'Reader', 'Site Administrator'].
Your roles in this context are ['Authenticated', u'Contributor', u'Editor', 'Member', u'Reader', u'Reviewer'].
So VerboseSecurity tells me that I don't have the View permission although the necessary roles and the local roles for 'tester1' overlap?
Am I missing something?
Andreas