On Monday 25 February 2008 20:45:37 Joerg Baach wrote:
Hi *,
I am trying to have a folderish object that acquires from a user object (ldapuserfolder). It should have its own properties and contents, but fall back to the ones of the ldap user.
I have created an object, extending Folder, and it behaves nicely in zopectl debug. When I try to access it through e.g. a python script I get an:
Error Type: Unauthorized Error Value: Unable to find __roles__ in the container and the container is not wrapped. Access to 'dn' of test, acquired through (LDAPProxy at /testfolder/ldapproxy), denied.
I am sure its my lack of understanding of acquisition. I am trying to bascially put ldap user object 'on top' of the aquisition line (with the ldapproxy at the bottom), but obviously failing in doing so. Any ideas?
I'm not familiar with LDAPUserFolder (its not really a user object but a user container, isn't it?) but the error you're getting is a security error -- the Python Script checks for security attributes before it accesses attributes. You need to add the appropriate security declarations in your product before it can be used inside PyScript You might try the verbose-security directive in zope.conf to debug stuff like that; I hope it is available in the version of Zope you're running (I'm on 2.10) As a hack to disable all security checks on a class you can add the attribute __allow_access_to_unprotected_subobjects__ = 1 , effectively disabling security. This of course should only be done if you trust your users! hth peter.
Cheers,
Joerg
--------8< excerpt from code ---------------
class LDAPProxy(Folder):
meta_type='LDAPProxy'
def __init__(self, id, remoteid,title='',REQUEST=None): self.id = id self.title = title self.remoteid = remoteid
def __of__(self, parent): if not hasattr(parent,'aq_base'): return self folder,id = self.remoteid.split(':') acl = parent.restrictedTraverse(folder) remote = acl.getUser(id) return Folder.__of__(self,parent.__of__(remote))
------- teststructure----------
/testfolder/ ldapproxy (LDAPProxy) acl_users/ testscript (.py)
--------8< testscript --------------------- return context.ldapproxy.dn
--------traceback-------------------------- Traceback (most recent call last): File "/home/joerg/zope/Zope-2.8.5/lib/python/ZPublisher/Publish.py", line 113, in publish request, bind=1) File "/home/joerg/zope/Zope-2.8.5/lib/python/ZPublisher/mapply.py", line 88, in mapply if debug is not None: return debug(object,args,context) File "/home/joerg/zope/Zope-2.8.5/lib/python/ZPublisher/Publish.py", line 40, in call_object result=apply(object,args) # Type s<cr> to step into published object. File "/home/joerg/zope/Zope-2.8.5/lib/python/Shared/DC/Scripts/Bindings.py", line 311, in __call__ return self._bindAndExec(args, kw, None) File "/home/joerg/zope/Zope-2.8.5/lib/python/Shared/DC/Scripts/Bindings.py", line 348, in _bindAndExec return self._exec(bound_data, args, kw) File "/home/joerg/zope/Zope-2.8.5/lib/python/Products/PythonScripts/PythonScript .py", line 323, in _exec result = f(*args, **kw) File "Script (Python)", line 1, in testscript File "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py", line 727, in guarded_getattr aq_acquire(inst, name, aq_validate, validate) File "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py", line 669, in aq_validate return validate(inst, object, name, v) File "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py", line 563, in validate self._context) File "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py", line 293, in validate accessed, container, name, value, context) File "/home/joerg/zope/Zope-2.8.5/lib/python/AccessControl/ImplPython.py", line 808, in raiseVerbose raise Unauthorized(text) Unauthorized: Unable to find __roles__ in the container and the container is not wrapped. Access to 'dn' of test, acquired through (LDAPProxy at /testfolder/ldapproxy), denied.