Proxy not Propagating - could be FSDTMLMethod
this is in the context of CMF, but its a ZOPE Security issue. I have a Script (Python), createJobPosting which is: from DateTime import DateTime path = ('', 'virtual_hosts', 'thecommode', 'Members', 'PUBLIC') PUBLIC = context.restrictedTraverse(path) id = str(DateTime().millis()) PUBLIC.invokeFactory(type_name='Job Posting', id=id) obj = getattr(PUBLIC,id) view = getattr(obj,'job_edit_form') return obj.getEditView() that is Proxied as Manager/Member/Reviewer. it creates a object just fine (in Members/PUBLIC) so then the script then calls obj.getEditView() which is: security.declarePublic('getEditView') def getEditView(self): skins = getToolByName(self, 'portal_skins') if hasattr(skins, 'job_edit_form'): self.editView = getattr(skins, 'job_edit_form') return self.editView(self, self.REQUEST) # i assume this gets a new security context? when its being 'published', how can i proxy this as Manager/Member/Reviewer? I need to render the job_edit_form (filesystem DTML Method) in the same Security Proxy context (as Manager/Member/Reviewer), but upon its publishing it encounters as _.hasattr(this(), 'myAttribute') and says I dont have access to this(). Zope2.3.3, CMF1.1, Linux, Python 1.52 Traceback (innermost last): File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/ZPublisher/Publish.p y, line 223, in publish_module File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/ZPublisher/Publish.p y, line 187, in publish File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/ZPublisher/Publish.p y, line 171, in publish File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/ZPublisher/mapply.py , line 160, in mapply (Object: createJobPosting) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/ZPublisher/Publish.p y, line 112, in call_object (Object: createJobPosting) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/Shared/DC/Scripts/Bi ndings.py, line 324, in __call__ (Object: createJobPosting) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/Shared/DC/Scripts/Bi ndings.py, line 354, in _bindAndExec (Object: createJobPosting) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/Products/PythonScrip ts/PythonScript.py, line 336, in _exec (Object: createJobPosting) (Info: ({'script': <PythonScript instance at 8896da8>, 'context': <CMFSite instance at 884bad0>, 'container': <CMFSite instance at 884bad0>, 'traverse_subpath': []}, (), {}, None)) File Script (Python), line 11, in createJobPosting (Object: DateTime) File /home/zope/ZopeInstallation/InstanceHome/Products/CMFEmployment/JobPosting.p y, line 255, in getEditView (Object: DynamicType) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/Products/CMFCore/FSD TMLMethod.py, line 180, in __call__ (Object: job_edit_form) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/DocumentTemplate/DT_ String.py, line 540, in __call__ (Object: job_edit_form) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/Products/CMFCore/FSD TMLMethod.py, line 175, in __call__ (Object: standard_html_header) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/DocumentTemplate/DT_ String.py, line 540, in __call__ (Object: standard_html_header) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/DocumentTemplate/DT_ Util.py, line 333, in eval (Object: _.hasattr(this(),'isEffective') and not isEffective(ZopeTime() )) (Info: this) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/Products/CMFCore/FSD TMLMethod.py, line 198, in validate (Object: job_edit_form) File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/AccessControl/Securi tyManager.py, line 144, in validate File /home/zope/ZopeInstallation/ZopeSoftwareHome/lib/python/AccessControl/ZopeSe curityPolicy.py, line 225, in validate Unauthorized: (see above) I think quite a few people could run into this, when trying to Proxy content manipulation to non-logged into user, i.e. allowing people who are not logged into submitContent (but proxying them off as if they were a logged in Member -- in this case PUBLIC) .. I am going about this the correct way, I believe. ? I also tried to 'customize' the FSDTMLMethod and proxy it as Manager/Reviewer/Member and it still gives me the same error ;'( thanks, ~runyaga
.... Since Zope 2.2, proxie roles are no longer propagated.
You need to give the object that makes the access a proxie role, too.
Yes I heard about this. the object is a FSDTMLMethod, it has no proxy ability (that I'm aware of). I made it a DTMLMethod (by 'customize' in the CMF) and added it a appropriate proxy role, and it still gripes. can i Programatically assign a obj a proxie role? any examples? ~runyaga
alan runyan writes:
... I made it a DTMLMethod (by 'customize' in the CMF) and added it a appropriate proxy role, and it still gripes. It should not, unless called inapropriately (i.e. without a top level namespace).
can i Programatically assign a obj a proxie role? any examples? I have a standard answer to this type of questions:
You can do it with the ZMI. Therefore, you can do it programmatically (ZMI does). Examples: look at how the ZMI does it. In your case: it will not help. Doing it programmatically as the same effect as doing it via ZMI. And you told me, it still gripes... You must try to find out why it gripes. Dieter
participants (2)
-
alan runyan -
Dieter Maurer