Hi there, I am using zope from cvs Zope-2_6-branch. I still get the following assertion in a DCWorkflow which worked flawlessly in 2.6.2
Thanks for any pointers Robert
Traceback (innermost last): Module ZPublisher.Publish, line 98, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 39, in call_object Module Products.CMFCore.FSPythonScript, line 92, in __call__ Module Shared.DC.Scripts.Bindings, line 261, in __call__ Module Shared.DC.Scripts.Bindings, line 292, in _bindAndExec Module Products.CMFCore.FSPythonScript, line 126, in _exec - __traceback_info__: ({'traverse_subpath': [], 'container': <PloneSite instance at 8bbed10>, 'context': <PloneFolder instance at 96fb608>, 'script': <FSPythonScript at /zehnder/zehnder/createObject used for /zehnder/zehnder/tasklist/Task.2004-01-19.3020/Attachments>}, (None, 'File', None), {}, (None, None, None)) Module None, line 12, in createObject Module Products.CMFCore.PortalFolder, line 362, in invokeFactory Module Products.CMFCore.TypesTool, line 824, in constructContent Module Products.CMFCore.TypesTool, line 516, in constructInstance Module Products.CMFCore.TypesTool, line 420, in _finishConstruction Module Products.CMFCore.CMFCatalogAware, line 101, in notifyWorkflowCreated Module Products.CMFPlone.WorkflowTool, line 26, in notifyCreated Module Products.CMFCore.WorkflowTool, line 362, in notifyCreated Module Products.DCWorkflow.DCWorkflow, line 367, in notifyCreated Module Products.DCWorkflow.DCWorkflow, line 440, in _changeStateOf Module Products.DCWorkflow.DCWorkflow, line 543, in _executeTransition Module Shared.DC.Scripts.Bindings, line 261, in __call__ Module Shared.DC.Scripts.Bindings, line 290, in _bindAndExec Module Shared.DC.Scripts.Bindings, line 1, in ? Module Shared.DC.Scripts.Bindings, line 224, in _getContext Unauthorized: You are not allowed to access in this context
Having read Stuarts post with a similar context I was digging trough DCWorkflow with the debugger and found that
In Shared.DC.Scripts.Bindings._getContext(self), there seems to be a new security check: getSecurityManager().validate(parent, container, '', self)
does only allow Manager to access the container of the script that is called during the DCWorkflow transition.
Any ideas?
Robert
robert rottermann wrote:
Hi there, I am using zope from cvs Zope-2_6-branch. I still get the following assertion in a DCWorkflow which worked flawlessly in 2.6.2
Thanks for any pointers Robert
Traceback (innermost last): Module ZPublisher.Publish, line 98, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 39, in call_object Module Products.CMFCore.FSPythonScript, line 92, in __call__ Module Shared.DC.Scripts.Bindings, line 261, in __call__ Module Shared.DC.Scripts.Bindings, line 292, in _bindAndExec Module Products.CMFCore.FSPythonScript, line 126, in _exec
- __traceback_info__: ({'traverse_subpath': [], 'container':
<PloneSite instance at 8bbed10>, 'context': <PloneFolder instance at 96fb608>, 'script': <FSPythonScript at /zehnder/zehnder/createObject used for /zehnder/zehnder/tasklist/Task.2004-01-19.3020/Attachments>}, (None, 'File', None), {}, (None, None, None)) Module None, line 12, in createObject Module Products.CMFCore.PortalFolder, line 362, in invokeFactory Module Products.CMFCore.TypesTool, line 824, in constructContent Module Products.CMFCore.TypesTool, line 516, in constructInstance Module Products.CMFCore.TypesTool, line 420, in _finishConstruction Module Products.CMFCore.CMFCatalogAware, line 101, in notifyWorkflowCreated Module Products.CMFPlone.WorkflowTool, line 26, in notifyCreated Module Products.CMFCore.WorkflowTool, line 362, in notifyCreated Module Products.DCWorkflow.DCWorkflow, line 367, in notifyCreated Module Products.DCWorkflow.DCWorkflow, line 440, in _changeStateOf Module Products.DCWorkflow.DCWorkflow, line 543, in _executeTransition Module Shared.DC.Scripts.Bindings, line 261, in __call__ Module Shared.DC.Scripts.Bindings, line 290, in _bindAndExec Module Shared.DC.Scripts.Bindings, line 1, in ? Module Shared.DC.Scripts.Bindings, line 224, in _getContext Unauthorized: You are not allowed to access in this context
Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
robert rottermann wrote:
Having read Stuarts post with a similar context I was digging trough DCWorkflow with the debugger and found that
In Shared.DC.Scripts.Bindings._getContext(self), there seems to be a new security check: getSecurityManager().validate(parent, container, '', self)
Yep, this was a real hole in PythonScripts before; the script shouldn't bind the name 'container' if the user doesn't have access to the container.
does only allow Manager to access the container of the script that is called during the DCWorkflow transition.
Any ideas?
Two possibilities:
- If your script doesn't need to access container, then go to its "Bindings" tab and clear the entry for "container". The security check added in 2.6.3 won't take effect until the name is bound (there is even a unit test for that case).
- If your script *does* need access to the container (which will be the "scripts" container of the workflow, IIRC), then you need to give the script a proxy role of 'Manager'.
Tres.
robert rottermann wrote:
Hi there, I am using zope from cvs Zope-2_6-branch. I still get the following assertion in a DCWorkflow which worked flawlessly in 2.6.2
Thanks for any pointers
Robert,
I have just checked in changes to the bindings computation which should resolve your issues. Could you please re-tests with the head of the 2.6 branch? If your workflow scripts are still broken, would you please open a collector issue?
Thanks!
Tres.
-
robert rottermann -
Tres Seaver