The latest CVS version is giving autorization demands (and failures) with this DTMLmethod. This kind of construct used to work fine. <dtml-var standard_html_header> <h2><dtml-var title_or_id> <dtml-var document_title></h2> <p> <dtml-with "_.namespace(SUB=[1,2])"> <dtml-if "_.len(SUB)>0">non-empty<dtml-else>empty</dtml-if> </dtml-with> </p> <dtml-var standard_html_footer> Zope Error Zope has encountered an error while publishing this resource. Unauthorized Sorry, a Zope error occurred. Traceback (innermost last): File C:\Python\devel\Zope\lib\python\ZPublisher\Publish.py, line 224, in publish_module File C:\Python\devel\Zope\lib\python\ZPublisher\Publish.py, line 189, in publish File C:\Python\devel\Zope\lib\python\ZPublisher\Publish.py, line 175, in publish File C:\Python\devel\Zope\lib\python\ZPublisher\mapply.py, line 160, in mapply (Object: xxx) File C:\Python\devel\Zope\lib\python\ZPublisher\Publish.py, line 112, in call_object (Object: xxx) File C:\Python\devel\Zope\lib\python\OFS\DTMLMethod.py, line 164, in __call__ (Object: xxx) File C:\Python\devel\Zope\lib\python\DocumentTemplate\DT_String.py, line 500, in __call__ (Object: xxx) File C:\Python\devel\Zope\lib\python\DocumentTemplate\DT_With.py, line 146, in render (Object: _.namespace(SUB=[1,2])) File C:\Python\devel\Zope\lib\python\DocumentTemplate\DT_Util.py, line 327, in eval (Object: _.len(SUB)>0) (Info: SUB) File C:\Python\devel\Zope\lib\python\OFS\DTMLMethod.py, line 184, in validate (Object: xxx) File C:\Python\devel\Zope\lib\python\AccessControl\SecurityManager.py, line 139, in validate File C:\Python\devel\Zope\lib\python\AccessControl\ZopeSecurityPolicy.py, line 160, in validate Unauthorized: SUB -- Robin Becker
Robin Becker wrote:
The latest CVS version is giving autorization demands (and failures) with this DTMLmethod. This kind of construct used to work fine.
<dtml-var standard_html_header> <h2><dtml-var title_or_id> <dtml-var document_title></h2> <p> <dtml-with "_.namespace(SUB=[1,2])"> <dtml-if "_.len(SUB)>0">non-empty<dtml-else>empty</dtml-if> </dtml-with> </p> <dtml-var standard_html_footer>
Perhaps newly created names in the _ namespace do not get understood by the new security guts. Does it work if you: <dtml-with "_(SUB=[1,2])"> ... </dtml-with> and call the namespace directly? The two are supposed to be synonymous but your method is depricated so perhaps it works the other way, if not, I'd suggest putting this in the collector for us to fix before the next release.
(Object: _.namespace(SUB=[1,2])) File C:\Python\devel\Zope\lib\python\DocumentTemplate\DT_Util.py, line 327, in eval (Object: _.len(SUB)>0) (Info: SUB) File C:\Python\devel\Zope\lib\python\OFS\DTMLMethod.py, line 184, in validate (Object: xxx) File C:\Python\devel\Zope\lib\python\AccessControl\SecurityManager.py, line 139, in validate File C:\Python\devel\Zope\lib\python\AccessControl\ZopeSecurityPolicy.py, line 160, in validate Unauthorized: SUB
-- -Michel Pelletier http://www.zope.org/Members/michel/MyWiki Visit WikiCentral for the latest Zen: http://www.zope.org/Members/WikiCentral
In article <392D6972.B33E725D@digicool.com>, Michel Pelletier <michel@digicool.com> writes ...
Does it work if you:
<dtml-with "_(SUB=[1,2])"> ... </dtml-with>
and call the namespace directly? The two are supposed to be synonymous but your method is depricated so perhaps it works the other way, if not, I'd suggest putting this in the collector for us to fix before the next release.
... nope this fails as well. -- Robin Becker
participants (2)
-
Michel Pelletier -
Robin Becker