Can't open files from deleted LDAP user

Hi, I am getting a permissions error when trying to open files from a deleted LDAP user, and I am the site Owner. Any ideas on what this issue is?

Which error? Enable VerboseSecurity and show us the complete stacktrace.

-aj

I cannot recreate the error right now because I ftp'd the files back into the system. I was just wondering if anyone has encountered this before. It basically said you do not have permissions to view this file. I could view it if I appended "/edit" to the url.

Okay, here is the stack trace (I think):
2016-08-16T08:46:29 ERROR root Exception while rendering an error message
Traceback (most recent call last):
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\OFS\SimpleItem.py", line 242, in raise_standardErrorMessage
v = s(**kwargs)
File "c:\plone42\eggs\products.cmfcore-2.2.6-py2.6.egg\Products\CMFCore\FSPythonScript.py", line 127, in call
return Script.call(self, *args, **kw)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Shared\DC\Scripts\Bindings.py", line 322, in call
return self._bindAndExec(args, kw, None)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Shared\DC\Scripts\Bindings.py", line 359, in _bindAndExec
return self._exec(bound_data, args, kw)
File "c:\plone42\eggs\products.pythonscripts-2.13.0-py2.6.egg\Products\PythonScripts\PythonScript.py", line 344, in _exec
result = f(*args, **kw)
File "Script (Python)", line 34, in standard_error_message
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Shared\DC\Scripts\Bindings.py", line 322, in call
return self._bindAndExec(args, kw, None)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Shared\DC\Scripts\Bindings.py", line 359, in _bindAndExec
return self._exec(bound_data, args, kw)
File "c:\plone42\eggs\products.cmfcore-2.2.6-py2.6.egg\Products\CMFCore\FSPageTemplate.py", line 237, in _exec
result = self.pt_render(extra_context=bound_names)
File "c:\plone42\eggs\products.cmfcore-2.2.6-py2.6.egg\Products\CMFCore\FSPageTemplate.py", line 177, in pt_render
self, source, extra_context
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Products\PageTemplates\PageTemplate.py", line 79, in pt_render
showtal=showtal)
File "c:\plone42\eggs\zope.pagetemplate-3.5.2-py2.6.egg\zope\pagetemplate\pagetemplate.py", line 113, in pt_render
strictinsert=0, sourceAnnotations=sourceAnnotations)()
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 271, in call
self.interpret(self.program)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 343, in interpret
handlers[opcode](self, args)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 888, in do_useMacro
self.interpret(macro)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 343, in interpret
handlers[opcode](self, args)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 533, in do_optTag_tal
self.do_optTag(stuff)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 518, in do_optTag
return self.no_tag(start, program)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 513, in no_tag
self.interpret(program)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 343, in interpret
handlers[opcode](self, args)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 852, in do_condition
self.interpret(block)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 343, in interpret
handlers[opcode](self, args)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 742, in do_insertStructure_tal
structure = self.engine.evaluateStructure(expr)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Products\PageTemplates\Expressions.py", line 218, in evaluateStructure
text = super(ZopeContext, self).evaluateStructure(expr)
File "c:\plone42\eggs\zope.tales-3.5.2-py2.6.egg\zope\tales\tales.py", line 696, in evaluate
return expression(self)
File "c:\plone42\eggs\zope.contentprovider-3.7.2-py2.6.egg\zope\contentprovider\tales.py", line 80, in call
return provider.render()
File "c:\plone42\eggs\plone.app.viewletmanager-2.0.2-py2.6.egg\plone\app\viewletmanager\manager.py", line 154, in render
return BaseOrderedViewletManager.render(self)
File "c:\plone42\eggs\plone.app.viewletmanager-2.0.2-py2.6.egg\plone\app\viewletmanager\manager.py", line 85, in render
return u'\n'.join([viewlet.render() for viewlet in self.viewlets])
File "c:\plone42\eggs\five.customerize-1.0.3-py2.6.egg\five\customerize\zpt.py", line 148, in render
return template._exec(bound_names, args, kwargs)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Products\PageTemplates\ZopePageTemplate.py", line 334, in _exec
result = self.pt_render(extra_context=bound_names)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Products\PageTemplates\ZopePageTemplate.py", line 431, in pt_render
result = PageTemplate.pt_render(self, source, extra_context)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Products\PageTemplates\PageTemplate.py", line 79, in pt_render
showtal=showtal)
File "c:\plone42\eggs\zope.pagetemplate-3.5.2-py2.6.egg\zope\pagetemplate\pagetemplate.py", line 113, in pt_render
strictinsert=0, sourceAnnotations=sourceAnnotations)()
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 271, in call
self.interpret(self.program)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 343, in interpret
handlers[opcode](self, args)
File "c:\plone42\eggs\zope.tal-3.5.2-py2.6.egg\zope\tal\talinterpreter.py", line 583, in do_setLocal_tal
self.engine.setLocal(name, self.engine.evaluateValue(expr))
File "c:\plone42\eggs\zope.tales-3.5.2-py2.6.egg\zope\tales\tales.py", line 696, in evaluate
return expression(self)
File "c:\plone42\eggs\zope.tales-3.5.2-py2.6.egg\zope\tales\expressions.py", line 217, in call
return self._eval(econtext)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Products\PageTemplates\Expressions.py", line 155, in _eval
return render(ob, econtext.vars)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\Products\PageTemplates\Expressions.py", line 117, in render
ob = ob()
File "c:\plone42\eggs\plone.app.discussion-2.1.7-py2.6.egg\plone\app\discussion\browser\comments.py", line 287, in is_discussion_allowed
return context.restrictedTraverse('@@conversation_view').enabled()
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\OFS\Traversable.py", line 317, in restrictedTraverse
return self.unrestrictedTraverse(path, default, restricted=True)
File "c:\plone42\eggs\zope2-2.13.16-py2.6.egg\OFS\Traversable.py", line 205, in unrestrictedTraverse
obj, obj, name, next):
File "c:\plone42\eggs\accesscontrol-2.13.8-py2.6-win32.egg\AccessControl\ImplPython.py", line 552, in validate
self._context)
File "c:\plone42\eggs\accesscontrol-2.13.8-py2.6-win32.egg\AccessControl\ImplPython.py", line 373, in validate
owner, value))
File "c:\plone42\eggs\accesscontrol-2.13.8-py2.6-win32.egg\AccessControl\ImplPython.py", line 797, in raiseVerbose
raise Unauthorized(text)
Unauthorized: The owner of the executing script does not have the required permission. Access to '@@conversation_view' of (ATFile at /PCI/projectsclients/pse/as-built-document/as-built-doc-feb-1) denied. Access requires View_Permission, granted to the following roles: ['Contributor', 'Editor', 'Manager', 'Owner', 'Reader', 'Site Administrator']. The executing script is (TTWViewTemplate at /PCI/projectsclients/pse/as-built-document/as-built-doc-feb-1/products.cmfcore.interfaces._content.icontentish-plone.comments), owned by <SpecialUser 'Anonymous User'>, who has the roles ['Anonymous'].

Looks like you've got a Through-The-Web (TTW) customization of a plone.app.discussion view. Because it's customized TTW it runs in RestrictedPython which is intentionally severely crippled to ensure no security breaches can take place. Running into security exceptions there is not at all surprising. You may wish to disable that TTW view customization and see what happens.

Thanks very much! I inherited this site - how can I disable the TTW view customization?

It's probably in portal_view_customizations. But I don't use TTW myself so I may be off.

The funny thing is, if I copy the file and paste it, even though it is still assigned to the same (deleted) LDAP user, it opens.

You can use https://pypi.python.org/pypi/plone.app.changeownership to fix the items without owner.

Thanks but it doesn't work with Plone 4

I used it in my sandbox andit gave me the following error when I tried to open files
(I reassigned them to myself): AttributeError('getUserById',) (Also, the following error occurred while attempting to render the standard error message, please see the event log for full details: getUserById)

Any other ideas?

@hawkp Again, a full stack trace would be helpful. You mean that plone.app.changeownership installed properly and you were able to change ownerships, but now you got some other error when accessing the content?