Getting Unauthorized from __bobo_traverse__.
Hi! I've have this custom __bobo_traverse__ hook: def __bobo_traverse__(self, REQUEST, name): """Intercept the traversal""" if name: if hasattr(self, name): return getattr(self, name) When I call the object like this: /objecta ie. using __call__ (I guess); everything is ok. It renders the index_html (which is a DTMLFile) as expected. However, when I do this: /objecta/index_html it raises an Unauthorized on me. I can't understand why. I thought it might have something to do with docstrings, so I tried this: def index_html(self): """we have a doc string""" return DTMLFile('index_html', globals()) And that worked (it didn't render the DTML, but I know how to fix that). Making it go back to this: index_html = DTMLFile('index_html', globals()) raised an Unauthorized on me again. Here's the full traceback: Traceback (innermost last): File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/Publish.py, line 223, in publish_module File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/Publish.py, line 187, in publish File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/Publish.py, line 171, in publish File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: object_manager_index) File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: object_manager_index) File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/Shared/DC/Scripts/Bindings.py, line 324, in __call__ (Object: object_manager_index) File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/Shared/DC/Scripts/Bindings.py, line 354, in _bindAndExec (Object: object_manager_index) File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/App/special_dtml.py, line 236, in _exec (Object: object_manager_index) File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/OFS/DTMLMethod.py, line 182, in __call__ (Object: standard_html_footer) File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/DocumentTemplate/DT_String.py, line 538, in __call__ (Object: standard_html_footer) File /home/erik/development/zope-farm/OtherProducts/WarpFramework/user.py, line 89, in on_access (Object: api) File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/OFS/Traversable.py, line 223, in restrictedTraverse (Object: api) File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/OFS/Traversable.py, line 190, in unrestrictedTraverse (Object: api) Unauthorized: index_html I also tried adding: __allow_access_to_unprotected_subobjects__ = 1 just for good measure, but that didn't help either. Any help on this is greatly appretiated. :-)
[Erik Enge] | def index_html(self): | """we have a doc string""" | return DTMLFile('index_html', globals()) | | And that worked [...] Actually it doesn't. Don't know why I thought it did. This however does work: index_html__roles__ = ['Manager'] def index_html(self): """we have a doc string""" return DTMLFile('index_html', globals()) There's something here I don't understand. My __bobo_traverse__ raises an unauthorized: def __bobo_traverse__(self, REQUEST, name): """Intercept the traversal""" if name: if hasattr(self, name): return getattr(self, name) self = <my_object at somewhere> REQUEST = the correct mapping object name = 'index_html' If I comment the __bobo_traverse__ away, the one in Application.py is used: def __bobo_traverse__(self, REQUEST, name=None): try: return getattr(self, name) except AttributeError: pass [snip] I've snipped it, because in this case getattr() always works. self = <Application at somewhere> REQUEST = the correct mapping object name = 'account' And this one doesn't raise an Unauthorized (and the name is different - maybe there is traversal going on elsewhere too?). Anyone "been there done that" before? Thanks in advance. :)
participants (1)
-
Erik Enge