Long story short: Is it appropriate to change self.REQUEST.AUTHENTICATED_USER.name to self.REQUEST.REMOTE_USER ? It appears to work but I'm not sure if there may be repercussions on this. Thomas Long story: I had to make the change in getUserVariable(self, key, default=None) to view events CorpCalender 1.4 that was exported from Zope 2.6.1 and make the change in rememberUserVariable(self, key, value) to be able to add events in CorpCalendar 1.7 newly created calendars in Zope 2.9.6. I can't manage/edit any events in the imported CorpCalendar but I'm not real concerned about that because we can add the new calendars to carry on from the last dates on the old ones. Current configuration on server I am moving to: Zope Version (Zope 2.9.6-final, python 2.4.4, linux2) Python Version 2.4.4 (#1, Oct 23 2006, 13:58:00) [GCC 4.1.1 20061011 (Red Hat 4.1.1-30)] System Platform linux2 Using ZEO I am moving CorpCalendar 1.4 calendars from Zope 2.6.1 to CorpCalendar 1.7 on Zope 2.9.6 Traceback said 'name' was not an attribute of AUTHENTICATED_USER when trying to view events or add events The change I made was from user = self.REQUEST.AUTHENTICATED_USER username = user.name to user = self.REQUEST.AUTHENTICATED_USER username = self.REQUEST.REMOTE_USER in the functions def rememberUserVariable(self, key, value): and def getUserVariable(self, key, default=None): as shown below. def rememberUserVariable(self, key, value): """ set in stone """ cookiekey = '__corpcal_%s'%key.replace(' ','') user = self.REQUEST.AUTHENTICATED_USER username = self.REQUEST.REMOTE_USER # username = user.name # cookie then = DateTime()+300 then = then.rfc822() response = self.REQUEST.RESPONSE response.setCookie(cookiekey, value, expires=then, path='/') if username.lower().replace(' ','') != 'anonymoususer': _user_vs = self._user_variables if not self._user_variables.has_key(username): _user_vs[username] = {} _user_vs[key] = value self._user_variables = _user_vs def getUserVariable(self, key, default=None): """ get from stone """ cookiekey = '__corpcal_%s'%key.replace(' ','') user = self.REQUEST.AUTHENTICATED_USER username = self.REQUEST.REMOTE_USER # username = user.name # cookie if self.REQUEST.cookies.has_key(cookiekey): return self.REQUEST.cookies.get(cookiekey) if username.lower().replace(' ','') != 'anonymoususer': if self._user_variables.has_key(username): if self._user_variables[username].has_key(key): return self._user_variables[username][key] return default Thomas -- ==================================================================== Thomas McMillan Grant Bennett Appalachian State University Computer Consultant III P O Box 32026 University Library Boone, North Carolina 28608 (828) 262 6587 If it's not as simple as possible to try it, then the barrier to entry is too high. Library Systems Help Desk: http://www.library.appstate.edu/help/ ====================================================================
--On 22. März 2007 14:09:00 -0400 Thomas Bennett <bennetttm@appstate.edu> wrote:
Long story short:
Is it appropriate to change self.REQUEST.AUTHENTICATED_USER.name to self.REQUEST.REMOTE_USER ?
Using AUTHENTICATED_USER isn't recommended (since ages). You should always use the SecurityManager API: from AccessControl import getSecurityManager user = getSecurityManager().getUser() username = user.getUserName() Changing request parameters as a workaround for stinking code is unlikely a good choice. Better fix the related code instead of messing up the REQUEST. -aj
Thanks, that even now lets me edit and also add to the CorpCalendars I exported from the older Zope and CC product. Now I just need to look at the Zope Book to see what the changes to the security declarations are so the lines below will quit showing up in my event.log. In the meantime I'm going to look into other calendars that have additional features. Thomas ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpCalendar has a security declaration for nonexistent method 'addEvent' ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpCalendar has a security declaration for nonexistent method 'index_html' ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpCalendar has a security declaration for nonexistent method 'standard_html_footer' ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpCalendar has a security declaration for nonexistent method 'styles.css' ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpCalendar has a security declaration for nonexistent method 'standard_html_header' ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpEvent has a security declaration for nonexistent method 'edit' ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpEvent has a security declaration for nonexistent method 'move' ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpEvent has a security declaration for nonexistent method 'delete' ------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpEvent has a security declaration for nonexistent method 'index_html' ------ On Thursday 22 March 2007 13:26, Andreas Jung wrote:
--On 22. März 2007 14:09:00 -0400 Thomas Bennett <bennetttm@appstate.edu>
wrote:
Long story short:
Is it appropriate to change self.REQUEST.AUTHENTICATED_USER.name to self.REQUEST.REMOTE_USER ?
Using AUTHENTICATED_USER isn't recommended (since ages). You should always use the SecurityManager API:
from AccessControl import getSecurityManager
user = getSecurityManager().getUser() username = user.getUserName()
Changing request parameters as a workaround for stinking code is unlikely a good choice. Better fix the related code instead of messing up the REQUEST.
-aj
-- ==================================================================== Thomas McMillan Grant Bennett Appalachian State University Computer Consultant III P O Box 32026 University Library Boone, North Carolina 28608 (828) 262 6587 If it's not as simple as possible to try it, then the barrier to entry is too high. Library Systems Help Desk: http://www.library.appstate.edu/help/ ====================================================================
Now I just need to look at the Zope Book to see what the changes to the security declarations are so the lines below will quit showing up in my event.log.
------ 2007-03-22T14:10:44 WARNING Init Class Products.CorpCalendar.CorpCalendar.CorpCalendar has a security declaration for nonexistent method 'addEvent' ------ Well the security declarations are the same. The only thing that changed is that the zope develolpers added this wonderful warning when one adds a security declaration for an inexistent method. In older zope versions you could do this and no warning was shown in the log. So, you could waste lots of time trying to figure out that your method raised an Unathorized Exception because of a typo in the security declaration.
Regards, Josef
participants (3)
-
Andreas Jung -
Josef Meile -
Thomas Bennett