I'm trying to access the getProperty() method of the LDAPUser class in a Python script, in order to access the Active Directory email address of the user. There is no problem with this, if I use the method on the current active user. However, it doesn't work when I attempt to use the method on another property. The output of VerboseSecurity is: *Error Type: Unauthorized* *Error Value: Your user account does not have the required permission. Access to 'getProperty' of nwuser denied. Your user account, abuser, exists at /acl_users. Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous', 'Authenticated', 'User'].* It appears that the currently authenticated used has the 'View' permission (required to use getProperty) on itself, but not for other users. I'm not sure how to change this. In order to get around this problem, I've tried giving the script a Proxy role of Manager. However, when I do this, i get the following output from VerboseSecurity: *Error Type: Unauthorized* *Error Value: The owner of the executing script is defined outside the context of the object being accessed. The script has proxy roles, but they do not apply in this context.. Access to 'getProperty' of nwuser denied. Access requires one of the following roles: ['Manager']. The executing script is (PythonScript at /DCARF/Forms/initialContact/initialContact), owned by admin1. * ** I'm not sure why this is occurring. Giving the script a proxy role of Manager should get around the first problem, but I'm not sure why it doesn't. Any ideas what is causing this?
I am wanting to log a product to postgres database. I want to write to the log from my Script Python methods (in skins) when certain actions occur. The product itself uses a number of zsql methods. Can I import existing zope logging classes in my Script Python to to this or will I need to rely on external methods. Any recommendations or pointers to anything similar would be appreciated. Many thanks. David
David Pratt wrote at 2005-7-12 10:44 -0300:
I am wanting to log a product to postgres database. I want to write to the log from my Script Python methods (in skins) when certain actions occur. The product itself uses a number of zsql methods. Can I import existing zope logging classes in my Script Python
You can import them as soon as you execute the necessary security declarations (--> "PythonScripts" --> "README").
to to this
In order to let Zope's "logging classes" log to postgres, you will need to implement a new log handler that does this... -- Dieter
On Thursday, July 14, 2005, at 05:40 PM, Dieter Maurer wrote:
David Pratt wrote at 2005-7-12 10:44 -0300:
I am wanting to log a product to postgres database. I want to write to the log from my Script Python methods (in skins) when certain actions occur. The product itself uses a number of zsql methods. Can I import existing zope logging classes in my Script Python
You can import them as soon as you execute the necessary security declarations (--> "PythonScripts" --> "README").
Hi Dieter. I realize that external methods are needed in most cases to import into a Script Python. I was hoping perhaps logging might be one of the classes that could be imported without going to external methods.
to to this
In order to let Zope's "logging classes" log to postgres, you will need to implement a new log handler that does this...
Thanks. I guess my big decision with this was whether I ought to use what already exists in Zope or use python's logging class. Either way I have to write something to handle, store, retrieve the logs for sure. Regards, David
David Pratt wrote:
I am wanting to log a product to postgres database. I want to write to the log from my Script Python methods (in skins) when certain actions occur. The product itself uses a number of zsql methods. Can I import existing zope logging classes in my Script Python to to this or will I need to rely on external methods. Any recommendations or pointers to anything similar would be appreciated.
For something as specialised as this, I'd just insert appropriate calls to appropriate ZSQL methods where you need them. The logging framework is great when you want to be able to switch where log entries are written in a more dynamic fashion, or enable other users of your code to decide to log to a different place. You, however, want to log into postgres only, as best I can see, so there's no point in fighting the security restrictions in your particular case ;-) That said, it'd be great if you could at least do: from logging import getLogger logger = getLogger('event.something') logger.log('something') ...without loads of unauthorized errors popping up :-S cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
On 12 Jul 2005, at 14:03, Nicholas Watmough wrote:
I'm trying to access the getProperty() method of the LDAPUser class in a Python script, in order to access the Active Directory email address of the user.
There is no problem with this, if I use the method on the current active user. However, it doesn't work when I attempt to use the method on another property.
The output of VerboseSecurity is:
*Error Type: Unauthorized* *Error Value: Your user account does not have the required permission. Access to 'getProperty' of nwuser denied. Your user account, abuser, exists at /acl_users. Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous', 'Authenticated', 'User'].*
It appears that the currently authenticated used has the 'View' permission (required to use getProperty) on itself, but not for other users. I'm not sure how to change this.
I'm assuming that the "other" user is not wrapped. How are you getting that other user object? jens
I'm not sure what you mean by a 'wrapped' user. What causes a user to have a wrapper in Zope? I am getting the 'other' user via the following code: user = context.acl_users.getUserById(username) Will this cause the user to be returned with a wrapper, and if so, how would I remove the wrapper? Thanks. Jens Vagelpohl wrote:
On 12 Jul 2005, at 14:03, Nicholas Watmough wrote:
I'm trying to access the getProperty() method of the LDAPUser class in a Python script, in order to access the Active Directory email address of the user.
There is no problem with this, if I use the method on the current active user. However, it doesn't work when I attempt to use the method on another property.
The output of VerboseSecurity is:
*Error Type: Unauthorized* *Error Value: Your user account does not have the required permission. Access to 'getProperty' of nwuser denied. Your user account, abuser, exists at /acl_users. Access requires one of the following roles: ['Manager']. Your roles in this context are ['Anonymous', 'Authenticated', 'User'].*
It appears that the currently authenticated used has the 'View' permission (required to use getProperty) on itself, but not for other users. I'm not sure how to change this.
I'm assuming that the "other" user is not wrapped. How are you getting that other user object?
jens
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
On 14 Jul 2005, at 02:53, Nicholas Watmough wrote:
I'm not sure what you mean by a 'wrapped' user. What causes a user to have a wrapper in Zope?
I am getting the 'other' user via the following code:
user = context.acl_users.getUserById(username)
Will this cause the user to be returned with a wrapper, and if so, how would I remove the wrapper?
No, it's the other way around. You want the wrapper. getUserbyId returns unwrapped users. If you use CMF or something based on CMF you could use the membership tool's getMemberById to return something more useful, otherwwise you'll have to do the wrapping yourself: user = acl_users.getUserById(user_id).__of__(acl_users) jens
participants (5)
-
Chris Withers -
David Pratt -
Dieter Maurer -
Jens Vagelpohl -
Nicholas Watmough