Continuing to investigate my problem I get now this error " You are not allowed to access 'aq_inner' in this context " for one specific user. I've read that aq_inner is the aquisition system : how is it possible not to have rights on it ? Sebastien
Sébastien Vinot wrote:
Continuing to investigate my problem
Which is ?-)
I get now this error " You are not allowed to access 'aq_inner' in this context " for one specific user.
I've read that aq_inner is the aquisition system : how is it possible not to have rights on it ?
UTSL !-) AFAIK, aq_self, aq_parent, aq_inner, etc, are under control of the security mechansim and are not accessible from the 'restricted' environment (scripts, ZPT, DTML etc.). You can only use'em from Products or External Methods. -- Bruno Desthuilliers - Analyste-programmeur bruno@modulix.org www.modulix.com
bruno modulix wrote:
Sébastien Vinot wrote:
Continuing to investigate my problem
Which is ?-)
I get now this error " You are not allowed to access 'aq_inner' in this context " for one specific user.
I've read that aq_inner is the aquisition system : how is it possible not to have rights on it ?
UTSL !-)
AFAIK, aq_self, aq_parent, aq_inner, etc, are under control of the security mechansim and are not accessible from the 'restricted' environment (scripts, ZPT, DTML etc.). You can only use'em from Products or External Methods.
Actually, the ZopeSecurity policy normally prohibits accessfrom untrusted code to any acquisition methods *except* 'aq_parent', 'aq_inner', and 'aq_explicit' (search $ZOPE_HOME/lib/python/AccessControl/ImplPython.py for 'valid_aq'). The exceptions then go through the "normal" validation process. Try adding Shane Hathaway's VerboseSecurity product to your Zope (while debugging such issues); it often gives you many more clues to what triggers and Unauthorized exception: http://hathawaymix.org/Software/VerboseSecurity Tres. -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com
Tres Seaver wrote:
bruno modulix wrote:
Sébastien Vinot wrote:
Continuing to investigate my problem
Which is ?-)
I get now this error " You are not allowed to access 'aq_inner' in this context " for one specific user.
I've read that aq_inner is the aquisition system : how is it possible not to have rights on it ?
UTSL !-)
AFAIK, aq_self, aq_parent, aq_inner, etc, are under control of the security mechansim and are not accessible from the 'restricted' environment (scripts, ZPT, DTML etc.). You can only use'em from Products or External Methods.
Actually, the ZopeSecurity policy normally prohibits accessfrom untrusted code to any acquisition methods *except* 'aq_parent', 'aq_inner', and 'aq_explicit'
(some test later...) You're right. I had a similar symptom with aq_self, and I wrongfully concluded that all aq_XXX methods were prohibited. for i in range(100): print "I'll UTS myself before telling others to do so" Is that's ok ?-) (snip)
Try adding Shane Hathaway's VerboseSecurity product to your Zope (while debugging such issues); it often gives you many more clues to what triggers and Unauthorized exception:
Thank for the tip. -- Bruno Desthuilliers - Analyste-programmeur bruno@modulix.org www.modulix.com
participants (3)
-
bruno modulix -
Sébastien Vinot -
Tres Seaver