SiteAccess/TinyTablePlus perplexed - help.
I am trying to write some data to a TinyTable via an AccessRule. I am stuck and have tried the obvious "security" overrides on the table. I get the following DTML errors, but can't identify the security problem.

    Unauthorized >>You are not authorized to access html_impression

I am using Zope 2.4.0. The code is using Embedded Session Values. The call works fine without the AccessRule.

    <dtml-let stack="REQUEST['TraversalRequestNameStack']">
    Don't intercept management requests
    <dtml-unless "stack[0][:6]=='manage'">
      Is the next path segment a positive integer?
      <dtml-if "_.int(stack[-1])>0">
        Save it and remove it from the path
        <dtml-call "REQUEST.set('SessionID', stack.pop())">
        Add it back into the logical path
        <dtml-call "REQUEST.setVirtualRoot(REQUEST.steps+[SessionID])">
        <dtml-call "html_impression.setRow(sessID='sessionID2',timestamp='time',IP=_.render(REMOTE_ADDR))">
      <dtml-else>
        <dtml-raise type="Invalid">Invalid Session ID!</dtml-raise>
      </dtml-if>
    </dtml-unless>
    </dtml-let>

TIA4help,
Trevor

Trevor Toenjes writes:

> I am trying to write some data to a TinyTable via an AccessRule. I am stuck and have tried the obvious "security" overrides on the table.
> I get the following DTML errors, but can't identify the security problem. Unauthorized >>You are not authorized to access html_impression

In the AccessRule there is not yet a security context (authenticated user). You can only access public objects. Maybe, an External Method is your best choice.

Dieter

> In the AccessRule there is not yet a security context (authenticated user). You can only access public objects. Maybe, an External Method is your best choice.

Is there a way to set a security context? I think I am missing the point.

To clarify... Your suggestion implies that calling an external method from the AccessRule could work, or did you imply to replace the whole AccessRule?

Thanks,
Trevor

Trevor,

I'm pretty sure Dieter means replace the accessRule with an external method. Reason being is because accessRules are almost like a pre-request trigger. REQUEST seems to not have been asserted yet when it's run. Therefore there is no user yet as he said. In other words, even anonymous user has not yet been assigned because the access rule is run prior to everything else about rendering a page back in response.

I've tried to use accessrules to do work on session/user management but ran into the same wall.

Paul Zwarts

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of Trevor Toenjes
Sent: Thursday, November 22, 2001 8:21 PM
To: Dieter Maurer; Trevor Toenjes
Cc: zope@zope.org
Subject: [Zope] SiteAccess doesnt have security :was [SiteAccess/TinyTablePlus perplexed]

> In the AccessRule there is not yet a security context (authenticated user). You can only access public objects. Maybe, an External Method is your best choice.

Is there a way to set a security context? I think I am missing the point.

To clarify... Your suggestion implies that calling an external method from the AccessRule could work, or did you imply to replace the whole AccessRule?

Thanks,
Trevor

Trevor Toenjes writes:

> > In the AccessRule there is not yet a security context (authenticated user). You can only access public objects. Maybe, an External Method is your best choice.
>
> Is there a way to set a security context? I think I am missing the point.

The security context is set after URL traversal. At least, it is not easy to set it before. Read <http://www.dieter.handshake.de/pyprojects/zope/book/chap3.html> for details on the publishing process.

> To clarify... Your suggestion implies that calling an external method from the AccessRule could work, or did you imply to replace the whole AccessRule?

Make the External Method your AccessRule.

Dieter
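
The suggestion above ("Make the External Method your AccessRule"), sketched as an added example that is not part of the thread and not Zope or SiteAccess code. The function name, the 12-digit cap, raising ValueError in place of the DTML "Invalid" error type, and storing the real session ID and time instead of the literal strings in the original setRow call are assumptions.

```python
# Added example: External Method module (Extensions/) used as the AccessRule.
# Assumptions: function name, the 12-digit cap, and that the TinyTable is
# reachable as self.html_impression with the columns from the original DTML.
import re
import time

_SESSION_ID = re.compile(r'[0-9]{1,12}\Z')  # ASCII digits only, bounded length


def session_access_rule(self, REQUEST):
    """Pop a numeric session ID off the URL and record the hit.

    External Methods run as unrestricted code, so setRow() is not subject to
    the permission check that fails in DTML before a user is assigned. That
    also means nothing else validates the URL segment: do it here.
    """
    stack = REQUEST['TraversalRequestNameStack']
    # The stack is reversed: stack[-1] is the next path segment to traverse.
    if not stack:
        return None                       # nothing left to traverse
    if stack[0][:6] == 'manage':
        return None                       # don't intercept management requests
    candidate = stack[-1]
    # int() alone would also accept "+5", " 7 " or "-0"; match first.
    if not _SESSION_ID.match(candidate) or int(candidate) <= 0:
        raise ValueError('Invalid Session ID!')
    session_id = stack.pop()
    REQUEST.set('SessionID', session_id)
    # Add it back into the logical path, as the DTML rule did.
    REQUEST.setVirtualRoot(REQUEST.steps + [session_id])
    # Assumed intent: store real values, not the literal strings in the DTML.
    self.html_impression.setRow(
        sessID=session_id,
        timestamp=str(int(time.time())),  # adjust to the column's type
        IP=REQUEST['REMOTE_ADDR'],
    )
    return session_id
```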

participants (3): Dieter Maurer, Paul Zwarts, Trevor Toenjes