Maybe silly questions, but: Do you call InitializeGlobals() on ObjectX's class (usually at the end of the module where it's defined)? Does ObjectX actually have a portal_url method defined on it (or inherited)? ----- Original Message ----- From: "Gary Poster" <garyposter@earthlink.net> To: <zope-dev@zope.org> Sent: Tuesday, February 05, 2002 11:36 AM Subject: [Zope-dev] acquisition, traversal, __roles__(, and zpt?)
Hi everyone.
OK. I'm stumped. I'm doing funky tricks here to create an alias functionality somewhat similar to a transparent folder. In the belief that brevity begets more possibility for answers, I won't tell you more, but just get straight to the chase:
Zope 2.5, CMF 1.2 (but I'm using the dev list rather than the ptk or zpt lists because it has to do with internals more, I think)
During traversal, I have (intentionally) created an acquisition chain like this:
<pageTemplate> <OBJECT X> <CMF root> <Zope root> <request>
in which <OBJECT X> is an "alien" object inserted after the CMF root. By alien I mean it is not an actual child of the CMF root, nor the actual parent of the pageTemplate. The pageTemplate itself is arbitrarily stored *outside* of the CMF, and also inserted during traversal. <OBJECT X> was unwrapped (aq_base) and then wrapped __of__(<CMF root>), and the pageTemplate also unwrapped and then wrapped __of__(<OBJECT X>).
Everything seems mostly fine with this with basic DTML stuff, even so far as the DTML using CMF skins. However, ZPT pages give me security errors if I try to use a skin.
I have traced this down, through the Products.PageTemplates.Expressions.RestrictedTraverse function, through security validation, to the fact that if the page template asks for an object like "nocall here/portal_url", and then traverses to get the portal_url, the portal_url is found but has no __roles__.
__roles__ appear to be deep magic (AccessControl.PermissionRole). I don't quite understand how this property exists: I figure it must also have functional elements in the C acquisition code somewhere (which I have not worked through).
<OBJECT X> has both __allow_access_to_unprotected_subobjects__ and security.declareObjectPublic(). I've tried not removing the "real" wrappers of <OBJECT X> and the page template, to no avail.
Heh. Any ideas?
Thanks
Crazy Gary
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )