permissions/authorization on non ZClass/product objects
I'm having trouble with permissions and Python class instances that aren't part of the Zope permission mechanism. I'm creating plain Python class instances in the Python baseclass of a ZClass, and storing them in a list on the baseclass. The baseclass instantiates these instances and appends them to its list. The class is defined in the baseclass .py file. A method on the baseclass returns this list of instances, and I'm iterating over them in DTML and looking at their attributes - or trying to. I get an authorization prompt, which always gives me an auth error, even though the user can look at the ZClass that's returning the instances. I'm able to get around this by registering the plain Python class as a base class, subclassing them with a ZClass, and instantiating ZClass instances instead of baseclass instances. It seems like overkill, though (and I always thought that instantiating ZClasses in python was confusing). I don't need to expose methods or restrict access, just open the attributes to be used as DTML variables. Are there ways to do this without making full-fledged ZClasses out of my classes? Are there guidelines in general for using non-Zopish subobjects that get used by the publishing process? -- Karl Anderson kra@monkey.org http://www.pobox.com/~kra/
Karl, Two things come to mind: First, make sure you're returning the instances in the context of their container, e.g. instead of: def returnstuff(self): class foo: pass return foo() do def returnstuff(self): class foo: pass return foo().__of__(self) You may also want to try the magic: def returnstuff(self): class foo: __allow_access_to_unprotected_subobjects__ = 1 pass return foo().__of__(self) in the class instances you return if nothing in them needs to be protected by permissions in any way. On 2 Aug 2000, Karl Anderson wrote:
I'm having trouble with permissions and Python class instances that aren't part of the Zope permission mechanism.
I'm creating plain Python class instances in the Python baseclass of a ZClass, and storing them in a list on the baseclass. The baseclass instantiates these instances and appends them to its list. The class is defined in the baseclass .py file. A method on the baseclass returns this list of instances, and I'm iterating over them in DTML and looking at their attributes - or trying to. I get an authorization prompt, which always gives me an auth error, even though the user can look at the ZClass that's returning the instances.
I'm able to get around this by registering the plain Python class as a base class, subclassing them with a ZClass, and instantiating ZClass instances instead of baseclass instances. It seems like overkill, though (and I always thought that instantiating ZClasses in python was confusing). I don't need to expose methods or restrict access, just open the attributes to be used as DTML variables.
Are there ways to do this without making full-fledged ZClasses out of my classes? Are there guidelines in general for using non-Zopish subobjects that get used by the publishing process?
-- Karl Anderson kra@monkey.org http://www.pobox.com/~kra/
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
On Wed, 2 Aug 2000 22:41:46 -0400 (EDT), Chris McDonough <chrism@digicool.com> wrote:
Karl,
Two things come to mind:
First, make sure you're returning the instances in the context of their container, e.g. instead of:
def returnstuff(self): class foo: pass return foo()
do
def returnstuff(self): class foo: pass return foo().__of__(self)
If you want to do that, then you need to inherit the acquisition base class too.... def returnstuff(self): class foo(Acquisition.Implicit): pass return foo().__of__(self)
You may also want to try the magic: def returnstuff(self): class foo: __allow_access_to_unprotected_subobjects__ = 1 pass return foo().__of__(self)
in the class instances you return if nothing in them needs to be protected by permissions in any way.
Using __allow_access_to_unprotected_subobjects__ the object doesnt _need_ to have a context (although it might be useful for other things), so you can drop the __of__ Toby Dickenson tdickenson@geminidataloggers.com
participants (3)
-
Chris McDonough -
Karl Anderson -
Toby Dickenson