Sorry the gmail response send only to the original poster not to the list (sorry Andreas)
The original post:
The question then (sorry):
I have a product called Yanged
This product has overrided:
__bobo_traverse__ who returns some objects and sometime a wrapper object with the HTML code to the browser
__call__ who returns the HTML code to __bobo_traverse__ or if you call the object itself
index_html who returns __call__
A TALES evaluator to evaluate some TALES expresion out of page templates
All
works ok except when I try to delete some objects. When I try to launch
the delete method I raises an authorized error and ask for new login
and password
I try with my user who is manager and owner but logon doesn't work and raises the same error
If I look the error log I could see this error:
Traceback (innermost last):
Module ZPublisher.Publish
, line 106, in publish
Module ZPublisher.BaseRequest, line 323, in traverse
Module Products.Yanged.Yanged, line 61, in __bobo_traverse__
Module Products.Yanged.Yanged, line 141, in __call__
Module
Products.Yanged.Yanged
, line 170, in Ejecutar
Module Products.Yanged.Yanged, line 125, in __call__
Module Products.Yanged.Yanged, line 170, in Ejecutar
Module Shared.DC.Scripts.Bindings, line 311, in __call__
Module Shared.DC.Scripts.Bindings
, line 348, in _bindAndExec
Module Products.PythonScripts.PythonScript, line 325, in _exec
Module None, line 2, in BorrarFuncionalidad
- <PythonScript at /sistes.net/clientes/escobarsl.com/Comandos/BorrarFuncionalidad used for /sistes.net/clientes/escobarsl.com/Pagina/Borrar/BorrarCaso>
- Line 2
Module AccessControl.ImplPython, line 729, in guarded_getattr
Module AccessControl.ImplPython, line 671, in aq_validate
Module AccessControl.ImplPython, line 565, in validate
Module
AccessControl.ImplPython
, line 463, in validate
Module AccessControl.ImplPython, line 810, in raiseVerbose
Unauthorized: Your user account does not have the required permission. Access to 'manage_delObjects' of (Yanged at /sistes.net/clientes/escobarsl.com/Pagina/Funcionalidades) denied. Your user account, Anonymous User, exists at (unknown). Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous'].
If I try to delete the object the error is raised but if immediately I try to create another object works ok
This
are the code about BorrarFuncionalidad (the code who raises the error)
and CrearFuncionalidad (the code that works ok). Both are Python
Scripts:
BorrarFuncinalidad
carpeta = getattr(context.Singular(), 'Funcionalidades')
carpeta.manage_delObjects(args['path'])
return args
CrearFuncionalidad
carpeta = getattr(context.Singular
(), 'Funcionalidades')
Id = context.Dame(context.Id)
args['caso'] = carpeta.manage_addProduct['Yanged'].CrearYanged(Id)
return args
Both scripts are launched in the same way (the Ejecutar method you could see at the traceback above)
I try to track the user from the __bobo_traverse__ to the
__call__ and seems the user credentials are lost when I call
CrearFuncionalidad (in the whole call)
Can you point me some clues to solve this problem?
Thanks!
2007/3/12, Dennis Allison <allison@shasta.stanford.edu>:
I did not catch the original post and so don't know any of the details,
but it sounds like a problem with the logging system, not a loss of
credentials. We had long ago and resolved with the list's help. This
patch is still in use with Zope 2.9.X.
You need to patch ../lib/python/ZServer/medusa/http_server.py
--- ./v0.0/http_server.py 2004-12-25 22:39:31.000000000 -0800
+++ ./v0.1/http_server.py 2004-12-25 22:39:
31.000000000 -0800
@@ -36,6 +36,9 @@
from counter import counter
from urllib import unquote
+# Paul's Patch (a shameful thing) to make names register properly
+from ZPublisher.HTTPRequest import parse_cookie
+
#
===========================================================================
# Request Object
#
===========================================================================
@@ -277,6 +280,7 @@
auth=self.get_header('Authorization')
name='Anonymous'
+
if auth is not None:
if string.lower(auth[:6]) == 'basic ':
try: decoded=base64.decodestring(auth[6:])
@@ -286,10 +290,35 @@
name = 'Unknown (bad auth string)'
else:
name = t[0]
+ else:
+ # start of patch
+ try:
+ auth_cookie_name='__ac'
+ cookie= None
+ try:
+ cookies = {}
+ header_value =
self.get_header("Cookie")
+ if header_value:
+ parse_cookie(header_value, cookies)
+ cookie = cookies.get(auth_cookie_name, None)
+ except:
+ name = 'Anonymous'
+
+ if cookie is not None:
+ cookie = unquote(cookie)
+ try:
+ cookie = base64.decodestring
(cookie)
+ name, password = tuple( cookie.split(':',1))
+ except: name= "Unknown (bad auth cookie)"
+ except:
+ name = "Failure!"
+ # end of patch
+ # log the host domain too
self.channel.server.logger.log (
self.channel.addr[0],
- '- %s [%s] "%s" %d %d "%s" "%s"\n' % (
+ '%s %s [%s] "%s" %d %d "%s" "%s"\n' % (
+ self.get_header('Host'),
name,
self.log_date_string (time.time
()),
self.request,
Hope this helps.
On Mon, 12 Mar 2007, Garito wrote:
> Could any charitable soul take pity on this poor sinner, please...?
>
> 2007/3/12, Garito <
garito@gmail.com>:
> >
> > Hi Andreas!
> > What kind of information do you need?
> > On my last messages to the list I send the tracebacks and some other
> > information (need to resend them?)
> >
> > Could you point me what details do you need?
> >
> > Thank you so much for you interest!
> >
> > 2007/3/12, Andreas Jung <
lists@zopyx.com>:
> > >
> > >
> > >
> > > --On 12. März 2007 04:04:31 +0100 Garito <garito@gmail.com
> wrote:
> > >
> > > > Hi all!
> > > > Some days ago I send to the list a question about a problem losting
> > > user
> > > > credentials
> > > >
> > > > In my code I don't use nothing about security and nothing is changed
> > > on
> > > > zmi's security tab
> > > >
> > > > But when I launch a method (Borrar if you remember) the user who
> > > launches
> > > > the action is anonymous not the logged one
> > >
> > > Somewhat hard to believe without a detailed description....
> > >
> > > -aj
> > >
> >
> >
> >
> > --
> > Mis Cosas: http://blogs.sistes.net/Garito
> >
>
>
>
>
--
--
Mis Cosas: http://blogs.sistes.net/Garito