Joseph Wayne Norton <norton@alum.mit.edu> wrote:
I tried to use some of the webdav functions in zope but ran into some trouble with the MOVE and COPY operations. One issue seems to be that the method "getSecurityManager" is not imported into the file zope-2.2/lib/python/webdav/Resource.py.
def dav__validate(self, object, methodname, REQUEST): msg='<strong>You are not authorized to access this resource.</strong>' method=None if hasattr(object, methodname): method=getattr(object, methodname) else: try: method=object.aq_acquire(methodname) except: method=None
if method is not None: --> try: return getSecurityManager().validateValue(method)
This is definitely a bug, with a simple fix:: Index: Resource.py =================================================================== RCS file: /cvs-repository/Zope2/lib/python/webdav/Resource.py,v retrieving revision 1.33 diff -u -r1.33 Resource.py --- Resource.py 2000/07/12 17:06:52 1.33 +++ Resource.py 2000/12/09 16:24:28 @@ -90,6 +90,7 @@ import sys, os, string, mimetypes, davcmds, ExtensionClass from common import absattr, aq_base, urlfix, rfc1123_date from urllib import quote, unquote +from AccessControl.SecurityManagement import getSecurityManager import Globals, time class Resource(ExtensionClass.Base):
except: pass
raise 'Unauthorized', msg
Secondly, the method try: parent._verifyObjectPaste(self) is failing even though the user is authenticated as a manager. For example,
try: parent._checkId(name, allow_dup=1) except: raise 'Forbidden', sys.exc_info()[1] --> try: parent._verifyObjectPaste(self) except: raise 'Forbidden', sys.exc_info()[1]
The implementaton of 'OFS.CopySupport._verifyObjectPaste()' has some warts; in particular, its checks (that the user could create an object of the given type at the "paste location", and that the user has access to the original object) are a bit fragile. One of the fragilities is resolved by a fix which went into Zope 2.2.3; are you perhaps running an earlier version? I just played around with cadaver (a Unix command-line WebDAV client): * Before authenticating, 'copy foo foo.copytest' fails with '403: Forbidden', which somehow doesn't trigger authentication. * 'move foo foo.movetest' triggers authentication, and then succeeds. * 'copy foo.movetest foo' then works. I can't explain this behavior at the moment :)
Lastly, where are properties that can be set and put using webdav. Are these object attributes? I was expecting to see this properties show up in the "Properties" tab for a folder, for a dtml document etc. but they did not show up.
Zope's WebDAV implementation exposes the "standard" WebDAV properties, plus the "default" Zope properties ('title'), as so:: [/usr/local/zope/Zope2_webdav/lib/python] $ python Python 1.5.2 (#1, Feb 1 2000, 16:32:16) [GCC egcs-2.91.66 19990314/Linux (egcs- on linux-i386 Copyright 1991-1995 Stichting Mathematisch Centrum, Amsterdam
import Zope Zope.debug( '/hookable_PUT', request_method='PROPFIND' ) ^D Status: 207 Multi-Status X-Powered-By: Zope (www.zope.org), Python (www.python.org) Ms-Author-Via: DAV Content-Type: text/xml; charset="utf-8" Content-Length: 1824 Date: Sat, 09 Dec 2000 16:25:08 GMT Content-Location: http://127.0.0.1/Zope/hookable_PUT/ Connection: close
<?xml version="1.0" encoding="utf-8"?> <d:multistatus xmlns:d="DAV:"> <d:response> <d:href>/Zope/hookable_PUT/</d:href> <d:propstat xmlns:n="http://www.zope.org/propsets/default"> <d:prop> <n:title>Test Hookable PUT Implementation</n:title> </d:prop> <d:status>HTTP/1.1 200 OK</d:status> </d:propstat> <d:propstat xmlns:n="DAV:"> <d:prop> <n:creationdate></n:creationdate> <n:displayname>hookable_PUT</n:displayname> <n:resourcetype><n:collection/></n:resourcetype> <n:getlastmodified>Thu, 07 Dec 2000 16:26:41 GMT</n:getlastmodified> <n:getcontenttype></n:getcontenttype> <n:getcontentlength></n:getcontentlength> <n:source></n:source> </d:prop> <d:status>HTTP/1.1 200 OK</d:status> </d:propstat> </d:response> <d:response> <d:href>/Zope/hookable_PUT/PUT_factory</d:href> <d:propstat xmlns:n="DAV:"> <d:prop> <n:creationdate></n:creationdate> <n:displayname>PUT_factory</n:displayname> <n:resourcetype></n:resourcetype> <n:getlastmodified>Thu, 07 Dec 2000 15:44:08 GMT</n:getlastmodified> <n:getcontenttype></n:getcontenttype> <n:getcontentlength></n:getcontentlength> <n:source></n:source> </d:prop> <d:status>HTTP/1.1 200 OK</d:status> </d:propstat> </d:response> <d:response> <d:href>/Zope/hookable_PUT/README</d:href> <d:propstat xmlns:n="DAV:"> <d:prop> <n:creationdate></n:creationdate> <n:displayname>README</n:displayname> <n:resourcetype></n:resourcetype> <n:getlastmodified>Thu, 07 Dec 2000 16:26:41 GMT</n:getlastmodified> <n:getcontenttype></n:getcontenttype> <n:getcontentlength>615</n:getcontentlength> <n:source> <n:link> <n:src>/Zope/hookable_PUT/README</n:src> <n:dst>/Zope/hookable_PUT/README/document_src</n:dst> </n:link> </n:source> </d:prop> <d:status>HTTP/1.1 200 OK</d:status> </d:propstat> </d:response> </d:multistatus> WebDAV clients (e.g., GoLive) can attach their own properties to Zope objects; Zope objects which want to expose other propertysheets have to do some extra work. Tres. -- =============================================================== Tres Seaver tseaver@digicool.com Digital Creations "Zope Dealers" http://www.zope.org