Dear Sir/Madam My purpose is that every one want to access my site must be logon first. Could you tell me how to restrict anonymous to access from my site. Thank you ----- Original Message ----- From: <zope-request@zope.org> To: <zope@zope.org> Sent: Friday, October 24, 2003 11:18 PM Subject: Zope Digest, Vol 3, Issue 44
Send Zope mailing list submissions to zope@zope.org
To subscribe or unsubscribe via the World Wide Web, visit http://mail.zope.org/mailman/listinfo/zope or, via email, send a message with subject or body 'help' to zope-request@zope.org
You can reach the person managing the list at zope-owner@zope.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Zope digest..."
Today's Topics:
1. AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user] (Stefan H. Holek) 2. Re: Problems migrating site (Jesper Holmberg) 3. Re: [Plone-users] Re: A plea for equality => a play for diversity (laura trippi) 4. Re: AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user] (Jens Vagelpohl) 5. Permission with addFile module (McDonnell, Larry) 6. Re: Permission with addFile module (Paul Winkler) 7. RE: Permission with addFile module (McDonnell, Larry) 8. Re: return value treated as dtml? (Ted holden) 9. Re: Re: [Plone-users] Re: A plea for equality => a play for diversity (Philip Kilner)
----------------------------------------------------------------------
Message: 1 Date: Fri, 24 Oct 2003 10:35:58 +0200 From: "Stefan H. Holek" <stefan@epy.co.at> Subject: AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user] To: bkc@murkworks.com Cc: zope@zope.org Message-ID: <563440625.1066991758@[172.16.8.4]> Content-Type: text/plain; charset=us-ascii; format=flowed
Why is everybody so obsessed with AUTHENTICATED_USER? This variable is not suitable for anything deserving the name "security". It is NOT SAFE to assume that it will contain anything useful.
This is even documented in the online help:
SecurityGetUser() -- Return the current user object. This is normally the same as the 'REQUEST.AUTHENTICATED_USER' object. However, the 'AUTHENTICATED_USER' object is insecure since it can be replaced.
To get the logged-in user call:
SecurityGetUser() or getSecurityManager().getUser() or portal_membership.getAuthenticatedMember()
and please forget about AUTHENTICATED_USER and the REQUEST as a source of trustable information in general.
Stefan
--On Donnerstag, 23. Oktober 2003 19:52 -0400 Brad Clements <bkc@murkworks.com> wrote:
I looked at newSecurityManager and it doesn't seem to set request.AUTHENTICATED_USERS, so I do that too.
-- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/
------------------------------
Message: 2 Date: Fri, 24 Oct 2003 11:54:25 +0200 From: Jesper Holmberg <jesperh@dsv.su.se> Subject: Re: [Zope] Problems migrating site To: Plone-users List <plone-users@lists.sourceforge.net>, Zope List <zope@zope.org> Message-ID: <20031024095425.GW9964@strindberg.dsv.su.se> Content-Type: text/plain; charset=us-ascii
Thank you Derek, but this does not seem to be the problem. As I have exported/imported the whole Plone site, portal_actions are identical.
Jesper
* On Wed Oct 22, Wilson, Derek wrote:
Check to make sure that the portalActions match on both the servers.
Thanks, Derek Wilson
From: Jesper Holmberg [mailto:jesperh@dsv.su.se] Sent: Wednesday, October 22, 2003 8:40 AM To: Plone-users List; Zope List Subject: [Zope] Problems migrating site
I am trying to move my Plone site to a different server. But when I access some of the content on my site at the new location, I get error messages.
This is what I have done:
1. Installed Zope, CMF, Plone and all relevant Products I use on the new server
2. Exported my Plone site in the ZMI of the old server, and imported it in the new server.
3. Ran the scripts found at http://cmf.zope.org/Members/cleath/movePortal, which supposedly updated the skins, and updated any ownership information.
As an example, when I hit "my preferences", I get the errors:
Site error This site encountered an error trying to fulfill your request. The errors were: Error Details Error Type AttributeError Error Value getActions
Obviously there is something which misses the attribute getActions, but what does it mean?
The backtrace from when I try to access "my preferences" goes like this (sorry so long):
Traceback (innermost last): Module ZPublisher.Publish, line 98, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 39, in call_object Module Shared.DC.Scripts.Bindings, line 252, in __call__ Module Shared.DC.Scripts.Bindings, line 283, in _bindAndExec Module Products.PageTemplates.ZopePageTemplate, line 228, in _exec Module Products.PageTemplates.PageTemplate, line 95, in pt_render <ZopePageTemplate at /wlplone/personalize_form> Module TAL.TALInterpreter, line 200, in __call__ Module TAL.TALInterpreter, line 244, in interpret Module TAL.TALInterpreter, line 703, in do_useMacro Module TAL.TALInterpreter, line 244, in interpret Module TAL.TALInterpreter, line 726, in do_defineSlot Module TAL.TALInterpreter, line 244, in interpret Module TAL.TALInterpreter, line 669, in do_condition Module TAL.TALInterpreter, line 244, in interpret Module TAL.TALInterpreter, line 669, in do_condition Module TAL.TALInterpreter, line 244, in interpret Module TAL.TALInterpreter, line 414, in do_optTag_tal Module TAL.TALInterpreter, line 399, in do_optTag Module TAL.TALInterpreter, line 394, in no_tag Module TAL.TALInterpreter, line 244, in interpret Module TAL.TALInterpreter, line 669, in do_condition Module TAL.TALInterpreter, line 244, in interpret Module TAL.TALInterpreter, line 668, in do_condition Module Products.PageTemplates.TALES, line 220, in evaluate URL: /wlplone/personalize_form Line 492, Column 12 Expression: standard:'personal' Names: {'container': <PloneSite instance at 9383130>, 'default': <Products.PageTemplates.TALES.Default instance at 0x873476c>, 'here': <PloneSite instance at 9383130>, 'loop': <SafeMapping instance at 9423980>, 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter instance at 0x873490c>, 'nothing': None, 'options': {'args': ()}, 'repeat': <SafeMapping instance at 9423980>, 'request': <HTTPRequest, URL=http://130.237.161.108/wlplone/portal_form/personalize_form>, 'root': <Application instance at 92d91c0>, 'template': <ZopePageTemplate at /wlplone/personalize_form>, 'traverse_subpath': [], 'user': Pepsi} Module Products.PageTemplates.Expressions, line 206, in __call__ Module Products.PageTemplates.Expressions, line 201, in _eval Module Products.PageTemplates.Expressions, line 108, in render Module Products.CMFPlone.PloneFolder, line 89, in __call__ Module Products.CMFPlone.PloneFolder, line 180, in _getViewFor AttributeError: getActions
What is missing?
TIA,
Jesper
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
------------------------------
Message: 3 Date: Fri, 24 Oct 2003 02:11:58 -0700 From: laura trippi <latrippi@sfu.ca> Subject: [Zope] Re: [Plone-users] Re: A plea for equality => a play for diversity To: plone-users@lists.sourceforge.net Cc: alan runyan <runyaga@runyaga.com>, zope@zope.org Message-ID: <1E989642-0602-11D8-BE8F-000A278FD74C@sfu.ca> Content-Type: text/plain; charset=US-ASCII; format=flowed
Alan's already answered this with his usual diplomacy -- and wisdom beyond his years. =}
But since I edited "he" to "s/he" during my talk at the Plone conference (right there in front of everyone!), I thought maybe I ought to reply, too. I've also been hanging out a fair amount on #plone.
In his "Future of Plone" talk, Paul said: "hello sexy plone people." He also said, "thank you sexy plone people." It's hard to capture exactly what it is that sparkles about Plone, but I thought that was really apt. Surprising for a developer community, no?
There's a difference between "sexy" and "sexist." In many circumstances, sexism expresses itself precisely by repressing difference, gender, and sexuality. The aesthetics of Plone and the creativity of the Plone community are bound up w/something else -- an unconventional attitude and ethos that some might find shocking at times, I suppose.
I don't condone sexist attitudes or behavior. I either avoid them or make a fuss. I don't know what Dave's email was about, exactly. But "pleas for equality" make me squeamish. I prefer plays for diversity -- and, in my experience, the Plone community, esp. including #plone, could hardly be more welcoming in that regard.
My concern is this: If people start acting all p.c. on #plone -- goodbye sexy plone community.
best,
::laura trippi
On Tuesday, October 21, 2003, at 11:33 AM, alan runyan wrote:
Hi.
I deeply apologize. There is a world wide community. Mostly dominated by men. But 10% of the Plone Conference was women. So I would suggest any female who feels uncomfortable about someone's language to contact me. I will do my best to address the problems. Also it doesnt take very much of someone to say, "I dont appreciate your sexist remark." And usually people will apologize. Please speak out and curb the community away from sexist remarks. If there are any problems you may contact me personally. Of course it would be best if you emailed the person offline with your frustration before bringing it to the mailing list or me.
cheers, alan runyan
I have come across something that I think most people have come across before in IT .. and in general .. something called sexism. Something a female zopista told me today tipped me over the edge to write this .. it's something I have seen myself on plenty of occassions ...
No this is not something 'rampant' in the community .. just something that happens occassionaly .. and being one of those people that despise the ignorance that leads to these types of comments .. have to say something. I just wanted to ask everyone to think about the communities they are in, and that they are made up of all sorts, and all types. Our IRC channels are made up of them as well. A lot of the time these people stay 'quiet', and learn and listen ... to developers that talk about their female counterparts in derogatory ways .. as though the channels are made up up macho men.
Knowing the community doesn't feel this way as a whole, I would like to say to those few people to THINK before being so ignorant.
I know personally of people that are avoiding certain IRC channels due to the fact they find them male dominated, and sexist, and I find this SHOCKING. It's not in the people or who's there .. but some regular users attitudes to a community they feel comfortable with as they are leaders or regulars in their area.
I just want people to think .. if you want to talk about your relationships .. or relationships, or peoples life choices in general .. be aware the community is made up of ALL of them.
thanks for your time to read this ..
Dave
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/
------------------------------------------------------- This SF.net email is sponsored by OSDN developer relations Here's your chance to show off your extensive product knowledge We want to know what you know. Tell us and you have a chance to win $100 http://www.zoomerang.com/survey.zgi?HRPT1X3RYQNC5V4MLNSV3E54 _______________________________________________ Plone-users mailing list Plone-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/plone-users
------------------------------
Message: 4 Date: Fri, 24 Oct 2003 08:09:12 -0400 From: Jens Vagelpohl <jens@zope.com> Subject: Re: AUTHENTICATED_USER is not reliable! [Was: [Zope] become user (su inside Zope) - pretend to be another user] To: zope@zope.org Message-ID: <E144F37C-061A-11D8-8743-000393D58818@zope.com> Content-Type: text/plain; charset=US-ASCII; format=flowed
Why is everybody so obsessed with AUTHENTICATED_USER? This variable is not suitable for anything deserving the name "security". It is NOT SAFE to assume that it will contain anything useful.
Amen to that.
jens
------------------------------
Message: 5 Date: Fri, 24 Oct 2003 10:09:22 -0400 From: "McDonnell, Larry" <lmcdonnell@protonenergy.com> Subject: [Zope] Permission with addFile module To: "'Zope@Zope. Org' (E-mail)" <zope@zope.org> Message-ID: <318685741A5BD31183A4006097BD8DD93809D1@PROSERV> Content-Type: text/plain; charset="iso-8859-1"
Hi,
I need for my users to upload files within Zope. I have a copy of addFile and it works when I am superuser. I tried setting permissions through the security tab for the file but the users are prompted for user name and password. These users do not have aacounts within Zope. I do not need this since this is an intranet environment. Can someone point to some documentation that addresses this problem. I googled around and this has been addressed before but the link to those sites did not exist. Thanks.
Larry McDonnell
------------------------------
Message: 6 Date: Fri, 24 Oct 2003 10:18:24 -0400 From: Paul Winkler <pw_lists@slinkp.com> Subject: Re: [Zope] Permission with addFile module To: "'Zope@Zope. Org' (E-mail)" <zope@zope.org> Message-ID: <20031024141824.GB1099@slinkp.com> Content-Type: text/plain; charset=us-ascii
On Fri, Oct 24, 2003 at 10:09:22AM -0400, McDonnell, Larry wrote:
Hi,
I need for my users to upload files within Zope. I have a copy of addFile
You seem to be a bit confused about Zope. No crime in that :-) I don't know what you mean. You don't need to make copies of anything in order to let users add files. What is addFile?
and it works when I am superuser.
I assume you mean Manager?
I tried setting permissions through the security tab for the file but the users are prompted for user name and password. These users do not have aacounts within Zope. I do not need this since this is an intranet environment.
Go to the management interface of the topmost folder where you want users to add files. Click on the Security tab. Find the permission labelled "Add Documents, Images, and Files". Check the box in the Anonymous columns. You're done.
Can someone point to some documentation that addresses this problem. I googled around and this has been addressed before but the link to those sites did not exist. Thanks.
Read this, several times if necessary: http://zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx
--
Paul Winkler http://www.slinkp.com Look! Up in the sky! It's EXPLOSIVE RADIOISOTOPIC DEATH ON A STICK! (random hero from isometric.spaceninja.com)
------------------------------
Message: 7 Date: Fri, 24 Oct 2003 10:41:41 -0400 From: "McDonnell, Larry" <lmcdonnell@protonenergy.com> Subject: RE: [Zope] Permission with addFile module To: 'Paul Winkler' <pw_lists@slinkp.com>, "'Zope@Zope. Org' (E-mail)" <zope@zope.org> Message-ID: <318685741A5BD31183A4006097BD8DD93809D3@PROSERV> Content-Type: text/plain; charset="iso-8859-1"
Hi,
Thanks, I'll try this
-----Original Message----- From: Paul Winkler [mailto:pw_lists@slinkp.com] Sent: Friday, October 24, 2003 10:18 AM To: 'Zope@Zope. Org' (E-mail) Subject: Re: [Zope] Permission with addFile module
On Fri, Oct 24, 2003 at 10:09:22AM -0400, McDonnell, Larry wrote:
Hi,
I need for my users to upload files within Zope. I have a copy of addFile
You seem to be a bit confused about Zope. No crime in that :-) I don't know what you mean. You don't need to make copies of anything in order to let users add files. What is addFile?
and it works when I am superuser.
I assume you mean Manager?
I tried setting permissions through the security tab for the file but the users are prompted for user name and password. These users do not have aacounts within Zope. I do not need this since this is an intranet environment.
Go to the management interface of the topmost folder where you want users to add files. Click on the Security tab. Find the permission labelled "Add Documents, Images, and Files". Check the box in the Anonymous columns. You're done.
Can someone point to some documentation that addresses this problem. I googled around and this has been addressed before but the link to those sites did not exist. Thanks.
Read this, several times if necessary: http://zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx
--
Paul Winkler http://www.slinkp.com Look! Up in the sky! It's EXPLOSIVE RADIOISOTOPIC DEATH ON A STICK! (random hero from isometric.spaceninja.com)
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
------------------------------
Message: 8 Date: Fri, 24 Oct 2003 10:40:20 -0400 From: Ted holden <medved@fcc.net> Subject: Re: [Zope] return value treated as dtml? To: zope@dylanreinhardt.com Cc: Zope Users <zope@zope.org> Message-ID: <200310241040.20847.medved@fcc.net> Content-Type: text/plain; charset="utf-8"
On Friday 24 October 2003 00:51, Dylan Reinhardt wrote:
... Perhaps you could provide an example of the problem you're trying to solve & we can take a whack at the easiest way to solve it?
Dylan
Again, thanks. I pretty much gave up on using zclasses and products at least for the time being, and I've actually gotten something like 98% of the application working; there's just the one little detail left.
This is a text indexing and retrieval methodology and the assumption is that an organization has a directory containing text files or some sort of files with ascii text in them, which it wishes to make available to users over the web. This might consist of large numbers of html files as is the usual case, or it could just as easily consist of two or three large or gigantic files, possibly several gigabytes.
The user enters a search term, and the application returns a list of hits in the form of file-name/byte-offset pairs, e.g.:
Verified hits
* /home/bear/Text/SHAKE/MACBETH 71680 * /home/bear/Text/POE/ANNABEL 0 * /home/bear/Text/POE/ELDORADO 0
Now, once that screen comes up (is returned by the application and displayed), I'd like to have the user be able to click on one of the lines and thereby execute a method which would read a couple of thousand bytes around the indicated byte offset in the given file, and display them.
The problem is that once a screen like that returns, you're outside the confines of zope and dtml. Inside a dtml method, something like:
<a href=<dtml-call 'function('arg1', 'arg2')"> > first hit </a><br>
works well enough. That's basically the kind of effect I need.
I'm guessing at this point that the best shot might be to write the list of hits to a file, and then return a handle to a dtml file which would pick up the list of hits from the file and do the right things with them, and include the user's name or id in the name of the hit file to keep users separate. The question at that point would be whether an external method could return the handle of a dtml method created within Zope or whether something like dtmlfile could work outside of zclasses. That's just a guess; I'd be glad to hear any suggestions.
Ted
------------------------------
Message: 9 Date: Fri, 24 Oct 2003 16:30:10 +0100 From: Philip Kilner <phil@xfr.co.uk> Subject: Re: [Zope] Re: [Plone-users] Re: A plea for equality => a play for diversity To: laura trippi <latrippi@sfu.ca> Cc: alan runyan <runyaga@runyaga.com>, plone-users@lists.sourceforge.net, zope@zope.org Message-ID: <3F994582.9050900@xfr.co.uk> Content-Type: text/plain; charset=us-ascii; format=flowed
Hi Laura,
Eloquently put.
It doesn't hurt to remember that everyone thinks differently, though - explicit acknowledgment of these issues may be enough to sharpen everybody up.
Sexy people generally can't manage to be PC (in the pejorative sense) even if they try...
:-)
--
Regards,
PhilK
(Sexy but spherical!)
Email: phil@xfr.co.uk / Voicemail & Facsimile: 07092 070518
"the symbols of the divine show up in our world initially at the trash stratum." Philip K Dick
------------------------------
_______________________________________________ Zope maillist - Zope@zope.org
End of Zope Digest, Vol 3, Issue 44 ***********************************