Traverse hook and security
Hi, I'm developing a Zope product myContainer. It has a traverse hook like this: def __bobo_traverse__(self, REQUEST, name): return MyObj(name) MyObj is a transient wrapper class, its properties are populated from a db. Say I've created an instance of the container in Zodb as myContainer, I can visit this url: http://localhost/myContainer/someObj/index_html But when I visit this as the Manager: http://localhost/myContainer/someObj/manage_workspace Zope throws out an authorization box. I have to log in as emergency super user to be able to visit any methods prefixed as 'manage_' under someObj. Is there something missing in my hook? Cheers Dirksen __________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of Dirksen
Zope throws out an authorization box. I have to log in as emergency super user to be able to visit any methods prefixed as 'manage_' under someObj.
As far as I remember, any method starting with manage_ is hidden unless they are assigned rights. I could remember wrong though. Regards Max M Max M. W. Rasmussen, Denmark. New Media Director private: maxmcorp@worldonline.dk work: maxm@normik.dk ----------------------------------------------------- Shipping software is an unnatural act
On Wed, 20 Jun 2001 00:27:29 -0700 (PDT), Dirksen <dirksen_lau@yahoo.com> wrote:
I'm developing a Zope product myContainer. It has a traverse hook like this: def __bobo_traverse__(self, REQUEST, name): return MyObj(name)
MyObj is a transient wrapper class, its properties are populated from a db. Say I've created an instance of the container in Zodb as myContainer, I can visit this url: http://localhost/myContainer/someObj/index_html
But when I visit this as the Manager: http://localhost/myContainer/someObj/manage_workspace
Zope throws out an authorization box. I have to log in as emergency super user to be able to visit any methods prefixed as 'manage_' under someObj.
Is there something missing in my hook?
If you want the transient object to participate in the security system, using the same security settings as the object that creates it ('someObj') then you need def __bobo_traverse__(self, REQUEST, name): return MyObj(name).__of__(self) and for MyObj to be derived from a Acquisition.Implicit (or equivalent) Toby Dickenson tdickenson@geminidataloggers.com
Dirksen writes:
I'm developing a Zope product myContainer. It has a traverse hook like this: def __bobo_traverse__(self, REQUEST, name): return MyObj(name) ... But when I visit this as the Manager: http://localhost/myContainer/someObj/manage_workspace
Zope throws out an authorization box. I have to log in as emergency super user to be able to visit any methods prefixed as 'manage_' under someObj. Zope's security subsystem requires Acquisition to work.
Derive your class from either "Acquisition.Explicit" or "Acquisition.Implicit". Use "return MyObj(name).__of__(self)" Dieter
participants (4)
-
Dieter Maurer -
Dirksen -
Max M -
Toby Dickenson