Product security and OFS.CopySupport
Hi,

I've encountered problems when adding security declarations to a Zope folderish object product on Zope 2.7.2/Python 2.3.4/RH Linux 9.0.

My folderish object 'CustomFolder' (see http://files.englesh.org/CustomFolder.tgz for source) has permissions on its methods. For example, I'm declaring:

    security.declarePublic('index_html')
    index_html = PageTemplateFile(
        os.path.join('zpt', 'default_index_html'), globals())

I then initialize the permissions for my object calling:

    InitializeClass(CustomFolder)

When I instantiate a 'CustomFolder', I can add new sub objects. I am, however, unable to paste or rename objects within the 'CustomFolder' instance. I've been able to trace the error to the call to _verifyObjectPaste (line 352) in OFS.CopySupport. It appears that _verifyObjectPaste fails on the call to self.restrictedTraverse(method_name). The comments following the call seem to indicate that an Unauthorized exception is thrown if the factory method by name cannot be obtained.

Is there something that I am missing in my security declarations for 'CustomFolder' or is this a bug in OFS.CopySupport or OFS.Traversable?

I've Googled on this but the results I have found have not fixed the problem I am seeing.

Thanks,
Michael

--
Michael R. Schwab
All those who believe in psychokinesis, raise my hand.
Have you registered the class in your __init__.py file? That stuff about restrictedTraverse() is over my head, but usually copy/paste problems can arise due to unregistered classes.

On Mon, 25 Oct 2004 18:31:55 -0600 (CST), Michael R. Schwab <michael.schwab-mail.zope.org@icantbelieveididthat.com> wrote:
> Hi,
>
> I've encountered problems when adding security declarations to a Zope folderish object product on Zope 2.7.2/Python 2.3.4/RH Linux 9.0.
>
> My folderish object 'CustomFolder' (see http://files.englesh.org/CustomFolder.tgz for source) has permissions on its methods. For example, I'm declaring:
>
>     security.declarePublic('index_html')
>     index_html = PageTemplateFile(
>         os.path.join('zpt', 'default_index_html'), globals())
>
> I then initialize the permissions for my object calling:
>
>     InitializeClass(CustomFolder)
>
> When I instantiate a 'CustomFolder', I can add new sub objects. I am, however, unable to paste or rename objects within the 'CustomFolder' instance. I've been able to trace the error to the call to _verifyObjectPaste (line 352) in OFS.CopySupport. It appears that _verifyObjectPaste fails on the call to self.restrictedTraverse(method_name). The comments following the call seem to indicate that an Unauthorized exception is thrown if the factory method by name cannot be obtained.
>
> Is there something that I am missing in my security declarations for 'CustomFolder' or is this a bug in OFS.CopySupport or OFS.Traversable?
>
> I've Googled on this but the results I have found have not fixed the problem I am seeing.
>
> Thanks,
> Michael
>
> --
> Michael R. Schwab
> All those who believe in psychokinesis, raise my hand.
>
> _______________________________________________
> Zope maillist - Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> ** No cross posts or HTML encoding! **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
-- Peter Bengtsson, http://www.peterbe.com
Peter Bengtsson wrote:

> Have you registered the class in your __init__.py file? That stuff about restrictedTraverse() is over my head, but usually copy/paste problems can arise due to unregistered classes.
Yes. My __init__.py is registering my class:

    import CustomFolder
    from AccessControl import Permissions

    def initialize(context):
        try:
            # Register the class with its add permission and constructors.
            context.registerClass(
                CustomFolder.CustomFolder,
                permission=Permissions.add_folders,
                constructors=(CustomFolder.manage_addCustomFolderForm,
                              CustomFolder.manage_addCustomFolder),
                icon='www/Folder_icon.gif'
                )
        except:
            # Write any registration failure to stderr.
            import sys, traceback, string
            type, val, tb = sys.exc_info()
            sys.stderr.write(
                string.join(traceback.format_exception(type, val, tb), ''))
            del type, val, tb

I've subsequently tried different security declaration combinations:

- setting __roles__ to either None or ()
- calling security.setDefaultAccess( 'deny' ) and security.setDefaultAccess( {'id':1, 'meta_type':1, 'title':1, 'icon':1, 'title_or_id':1 } )
- explicitly declaring security.declareProtected with the Permissions.view permission on id, meta_type, title, icon, title_or_id
- explicitly declaring security.declareProtected with the Permissions.copy_or_move permission on manage_copyObjects, manage_cutObjects, manage_pasteObjects, manage_renameObject, and manage_renameObjects

The end result is some combination of the following errors:

- unable to browse the CustomFolder's index_html
- unable to access manage_main in the ZMI due to an AttributeError with a value of 'NoneType' object has no attribute 'setHeader'
- unable to paste and rename an object contained in a CustomFolder object

There _has_ to be a way to declare a folderish object as protected default and declare protected access to methods and properties by role names.

Before you ask, yes I am calling InitializeClass(CustomFolder) to apply the security permissions to my class.
On Mon, 25 Oct 2004 18:31:55 -0600 (CST), Michael R. Schwab <michael.schwab-mail.zope.org@icantbelieveididthat.com> wrote:

> Hi,
>
> I've encountered problems when adding security declarations to a Zope folderish object product on Zope 2.7.2/Python 2.3.4/RH Linux 9.0.
>
> My folderish object 'CustomFolder' (see http://files.englesh.org/CustomFolder.tgz for source) has permissions on its methods. For example, I'm declaring:
>
>     security.declarePublic('index_html')
>     index_html = PageTemplateFile(
>         os.path.join('zpt', 'default_index_html'), globals())
>
> I then initialize the permissions for my object calling:
>
>     InitializeClass(CustomFolder)
>
> When I instantiate a 'CustomFolder', I can add new sub objects. I am, however, unable to paste or rename objects within the 'CustomFolder' instance. I've been able to trace the error to the call to _verifyObjectPaste (line 352) in OFS.CopySupport. It appears that _verifyObjectPaste fails on the call to self.restrictedTraverse(method_name). The comments following the call seem to indicate that an Unauthorized exception is thrown if the factory method by name cannot be obtained.
>
> Is there something that I am missing in my security declarations for 'CustomFolder' or is this a bug in OFS.CopySupport or OFS.Traversable?
>
> I've Googled on this but the results I have found have not fixed the problem I am seeing.
>
> Thanks,
> Michael
>
> --
> Michael R. Schwab
> All those who believe in psychokinesis, raise my hand.
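
A simplified model of the paste check discussed in this thread, added here as an illustration; it is not code from Zope or from either poster. The class, function and sample data names are hypothetical, and traversal is flattened to per-name checks on one container, to show that the outcome depends on reaching the factory path rather than on the declaration for manage_pasteObjects.

```python
# Simplified model of a paste-time authorization check (constructed for
# illustration; class and function names are hypothetical, not Zope APIs).

class Unauthorized(Exception):
    """Raised when a traversal step is not permitted for the user."""


class ModelContainer:
    def __init__(self, addable, declarations, default_access):
        self.addable = addable                # meta_type -> factory path
        self.declarations = declarations      # name -> permission, None = public
        self.default_access = default_access  # 'allow'/'deny' for undeclared names

    def restricted_traverse(self, path, user_permissions):
        """Resolve path step by step, applying the declaration on each name."""
        for name in path.split("/"):
            if name in self.declarations:
                needed = self.declarations[name]
                if needed is not None and needed not in user_permissions:
                    raise Unauthorized(name)
            elif self.default_access == "deny":
                raise Unauthorized(name)
        return path


def paste_decision(container, meta_type, user_permissions):
    """Paste is allowed only if the user could reach the factory for meta_type."""
    factory_path = container.addable.get(meta_type)
    if factory_path is None:
        return "unsupported"
    try:
        container.restricted_traverse(factory_path, user_permissions)
    except Unauthorized as exc:
        return "unauthorized at %s" % exc
    return "allowed"


# Constructed sample data: one addable type and a user with two permissions.
ADDABLE = {"CustomFolder": "manage_addProduct/CustomFolder/manage_addCustomFolderForm"}
USER = {"Add Folders", "Copy or Move"}
PASTE_ONLY = {"manage_pasteObjects": "Copy or Move"}
FULL = dict(PASTE_ONLY, **{"manage_addProduct": None, "CustomFolder": None,
                           "manage_addCustomFolderForm": "Add Folders"})

deny_partial = ModelContainer(ADDABLE, PASTE_ONLY, "deny")
deny_full = ModelContainer(ADDABLE, FULL, "deny")

if __name__ == "__main__":
    print(paste_decision(deny_partial, "CustomFolder", USER))
    print(paste_decision(deny_full, "CustomFolder", USER))
    print(paste_decision(deny_full, "File", USER))
```
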