CopySupport methods permissions - do they make sense?
I'm doing a site that allows membership. When users sign up, I create a folder with an acl_users folder and a user for them. All the folder/user creation happens as an anonymous user, which should be ok 'cause the only way they can do these things is via my logic.
Problem is, I'd also *like* to copy or clone an index_html page into the user's new folder.
What I think I've found, however, is that pretty much all of the methods in OFS/CopySupport.py require "View management screens" permissions in order to do copy/clone operations. Delete operations, on the other hand, have their own permission setting. Does this make sense? I really don't want to have to turn on "View management screens" for anonymous users, and I don't think I should have to just to use copy/clone methods.
IMHO the copy operations should have their own separate permission as delete does. What do you think?
As a completely separate aside, it'd be nice if, when access fails due to permissions, Zope would report on just what sort of permission would be required in order to accomplish the operation in question. As it stands it's an easter egg hunt and it's not too fun.
From: root [mailto:root@globalcrossing.com] On Behalf Of Dave Parker
Sent: Thursday, November 04, 1999 08:38
<snip>
As a completely separate aside, it'd be nice if, when access fails due to permissions, Zope would report on just what sort of permission would be required in order to accomplish the operation in question.
That would be like telling a burglar which tumblers his makeshift key failed to position correctly. It gives clues as to how to defeat the security mechanism.
As it stands it's an easter egg hunt and it's not too fun.
Agreed.
Loren Stafford wrote:
As a completely separate aside, it'd be nice if, when access fails due to permissions, Zope would report on just what sort of permission would be required in order to accomplish the operation in question.
That would be like telling a burglar which tumblers his makeshift key failed to position correctly. It gives clues as to how to defeat the security mechanism.
I guess that's probably true, but then the functionality could be optional a la BOBO_DEBUG_MODE.
Loren Stafford wrote:
From: root [mailto:root@globalcrossing.com] On Behalf Of Dave Parker
Sent: Thursday, November 04, 1999 08:38
<snip>
As a completely separate aside, it'd be nice if, when access fails due to permissions, Zope would report on just what sort of permission would be required in order to accomplish the operation in question.
That would be like telling a burglar which tumblers his makeshift key failed to position correctly. It gives clues as to how to defeat the security mechanism.
Maybe a debug mode with that info would help. David, tone.
As it stands it's an easter egg hunt and it's not too fun.
Agreed.
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope No cross posts or HTML encoding! (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Dave Parker wrote:
I'm doing a site that allows membership. When users sign up, I create a folder with an acl_users folder and a user for them. All the folder/user creation happens as an anonymous user, which should be ok 'cause the only way they can do these things is via my logic.
Problem is, I'd also *like* to copy or clone an index_html page into the user's new folder.
What you want is under the Proxy management tab. Set up a role, in the "security" tab, that has "View management screens" and go to the proxy tab in the method or document and select the role you created, press "change". Remember that this is a security hole if you accept parameters in that method, basically keep it to the point and simple.
What I think I've found, however, is that pretty much all of the methods in OFS/CopySupport.py require "View management screens" permissions in order to do copy/clone operations. Delete operations, on the other hand, have their own permission setting. Does this make sense? I really don't want to have to turn on "View management screens" for anonymous users, and I don't think I should have to just to use copy/clone methods.
IMHO the copy operations should have their own separate permission as delete does. What do you think?
I think they should but the above works for now. Maybe someone can think about it and put up a proposal :)
As a completely separate aside, it'd be nice if, when access fails due to permissions, Zope would report on just what sort of permission would be required in order to accomplish the operation in question. As it stands it's an easter egg hunt and it's not too fun.
Submit that to the collector if it's not already in there. Regards, David
David Kankiewicz wrote:
Problem is, I'd also *like* to copy or clone an index_html page into the user's new folder.
What you want is under the Proxy management tab.
Set up a role, in the "security" tab, that has "View management screens" and go to the proxy tab in the method or document and select the role you created, press "change".
Good idea, but it doesn't seem to work. I set the method to have a proxy role of Manager (should work for sure, then I'll narrow it down later). But it fails with a permission error on the paste part of a clone operation. I looked in CopySupport (again) as it's failing in _verifyObjectPaste(self, ob, REQUEST). Here's the salient bit:
    if hasattr(meth, '__roles__'):
        roles=meth.__roles__
        user=REQUEST.get('AUTHENTICATED_USER', None)
        if (not hasattr(user, 'has_role') or
            not user.has_role(roles, self)):
            raise 'Unauthorized', (
                """You are not authorized to perform this operation."""
                )
    return
...which, to my very untrained eye, suggests that your approach would work provided the user in question has one of the roles associated with the method. Which would be fine, but how would I assign a role to an anonymous user? If I can't do that, I'm back to "there should be a separate permission"
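A simplified model of the check quoted in the message above, added here as an illustration; it is not Zope's code and not part of the original post. The names User, verify_paste_request_user, verify_paste_effective_roles and attempt are assumptions, and the second check is a hypothetical variant shown only for contrast, not a description of how Zope behaves.

```python
# Simplified model of the quoted _verifyObjectPaste excerpt; not Zope's code.
class Unauthorized(Exception):
    pass

class User:
    def __init__(self, name, roles):
        self.name = name
        self.roles = set(roles)

    def has_role(self, roles, obj=None):
        # True if the user holds at least one of the required roles.
        return bool(self.roles & set(roles))

ANONYMOUS = User("Anonymous User", ["Anonymous"])

def verify_paste_request_user(meth_roles, request):
    """Mirror of the quoted excerpt: only the request's user is consulted."""
    user = request.get("AUTHENTICATED_USER")
    if not hasattr(user, "has_role") or not user.has_role(meth_roles):
        raise Unauthorized("You are not authorized to perform this operation.")

def verify_paste_effective_roles(meth_roles, request, proxy_roles=()):
    """Hypothetical variant: also honours the calling method's proxy roles."""
    user = request.get("AUTHENTICATED_USER")
    effective = set(proxy_roles) | (user.roles if user else set())
    if not effective & set(meth_roles):
        raise Unauthorized("You are not authorized to perform this operation.")

def attempt(check, *args, **kwargs):
    """Return 'allowed' or 'denied' instead of raising, for easy comparison."""
    try:
        check(*args, **kwargs)
        return "allowed"
    except Unauthorized:
        return "denied"

# Constructed inputs: roles on the target's factory method, anonymous request.
FACTORY_ROLES = ["Manager"]
REQUEST = {"AUTHENTICATED_USER": ANONYMOUS}

if __name__ == "__main__":
    # The calling method's proxy role never reaches the first check.
    print(attempt(verify_paste_request_user, FACTORY_ROLES, REQUEST))
    print(attempt(verify_paste_effective_roles, FACTORY_ROLES, REQUEST,
                  proxy_roles=["Manager"]))
```

Because the first check reads roles only from the request's AUTHENTICATED_USER, a proxy role set on the calling method has no way to influence it, which matches the failure described in the message.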
Dave Parker wrote:
<snippers>
...which, to my very untrained eye, suggests that your approach would work provided the user in question has one of the roles associated with the method. Which would be fine, but how would I assign a role to an anonymous user?
If I can't do that, I'm back to "there should be a separate permission"
It may have nothing to do with that (not sure). Can you send the dtml and error traceback? From the past emails on the subject, which don't provide much help (only one does), I get the idea that it's a namespace logic problem, so the DTML you're using may be missing something. Regards, David
David Kankiewicz wrote:
Dave Parker wrote:
<snippers>
...which, to my very untrained eye, suggests that your approach would work provided the user in question has one of the roles associated with the method. Which would be fine, but how would I assign a role to an anonymous user?
If I can't do that, I'm back to "there should be a separate permission"
It may have nothing to do with that (not sure). Can you send the dtml and error traceback? From the past emails on the subject, which don't provide much help (only one does), I get the idea that it's a namespace logic problem, so the DTML you're using may be missing something.
I'm probably getting loopy, but I can't figure out how to set things up such that an anonymous user could copy or clone or rename anything, period - it feels like the logic is coded in such a way that it just isn't possible (for anonymous). Could anyone come up with a simple working example of this that does *not* require "View management screens" be turned on in both the source and target folders??? It *should* be simple.
participants (3)
- Dave Parker
- David Kankiewicz
- Loren Stafford