ExUserFolder + Core Session Tracking - authentication with cookies, error on first load
Using:
Zope Zope 2.3.2
ExUserFolder 0-8-0
CoreSessionTracking 0.9

I spent some time today downloading and playing around with exUserFolder and got it to authenticate from Postgres just fine. Then I tried to play around also with CoreSessionTracking and found this problem.

I have a secured folder, which requires authentication and in which I will try to move into. Authentication pops up and I write right username and password. Then should come the page, but usually comes error - from which the traceback is down below.

That error also comes from time to time, if I reload page which is using core session tracking.

Example page I used testing core session tracking:

<dtml-with sessiondatamanager>
<dtml-let a=getSessionData>
Before change: <dtml-var a><br>
<dtml-call "a.set('zopetime', ZopeTime())">
<dtml-comment>
'zopetime' will be set to a datetime object for the current session
</dtml-comment>
After change: <dtml-var a><br>
</dtml-let>
</dtml-with>

<!--
Traceback (innermost last):
  File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 223, in publish_module
  File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 187, in publish
  File /usr/share/zope/lib/python/Zope/__init__.py, line 221, in zpublisher_exception_hook
    (Object: Traversable)
  File /usr/lib/python1.5/site-packages/ZPublisher/Publish.py, line 162, in publish
  File /usr/lib/python1.5/site-packages/ZPublisher/BaseRequest.py, line 446, in traverse
  File /var/zope/Products/exUserFolder/exUserFolder.py, line 834, in validate
    (Object: Traversable)
  File /var/zope/Products/exUserFolder/exUserFolder.py, line 755, in cookie_validate
    (Object: Traversable)
  File /var/zope/Products/exUserFolder/UserCache/UserCache.py, line 87, in getUser
  File /var/zope/Products/exUserFolder/exUserFolder.py, line 177, in notifyCacheRemoval
AttributeError: 'None' object has no attribute 'flushTempProperties'
-->

Anyone else noticed this?

-huima

+-------[ Heimo Laukkanen ]----------------------
| Using:
| Zope Zope 2.3.2
| ExUserFolder 0-8-0
| CoreSessionTracking 0.9
|
| I spent some time today downloading and playing around with exUserFolder
| and got it to authenticate from Postgres just fine. Then I tried to play
| around also with CoreSessionTracking and found this problem.

It's a bug in exUserFolder, you have a Null Property Source chosen, and for some reason I didn't protect against it in the User Object. (I did in the actual folder... oh well).

At least the rate at which stupid bugs turn up is slowing down d8)

--
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|

I have updated to newest exUserFolder, but stumbled to a new problem. I have created user with all the permissions, but I am still unable to edit users unless I give the Manager-role to the user.

Is this a similar problem with acquisition as in:

http://groups.yahoo.com/group/zope/message/75023

I browsed through the code of exUserFolder.py and didn't see if it inherits Acquisition.Implicit - it is though imported.

class exUserFolder(Folder,BasicUserFolder,CopyContainer):

Any ideas?

-huima

+-------[ Heimo Laukkanen ]----------------------
| I have updated to newest exUserFolder, but stumbled to a new problem. I
| have created user with all the permissions, but I am still unable to
| edit users unless I give the Manager-role to the user.
|
| Is this a similar problem with acquisition as in:
|
| http://groups.yahoo.com/group/zope/message/75023

No.

| I browsed through the code of exUserFolder.py and didn't see if it
| inherits Acquisition.Implicit - it is though imported.

Folder is based on Acquisition.Implicit.

I think the problem is there is no explicit permissions for editing users, try this;

add 'manage_editUserForm', 'manage_editUser' to the __ac_permissions__ under 'Manage users' permission entry like so;

    ('Manage users', ('manage_users', 'manage_editUserForm', 'manage_editUser')),

--
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|

Andrew Kenneth Milton wrote:

> Folder is based on Acquisition.Implicit.
>
> I think the problem is there is no explicit permissions for editing users
> try this;
>
> add 'manage_editUserForm', 'manage_editUser' to the __ac_permissions__
> under 'Manage users' permission entry like so;
>
> ('Manage users', ('manage_users', 'manage_editUserForm', 'manage_editUser')),

Yes. That seemed to do the trick.

Could you give me a clue, what was the problem? Was it that there was no permission set for those manage_editUserForm and manage_editUser and therefore Zope security mechanism wanted to get Manager authorization?

And thank you for your quick response again.

-huima

+-------[ Heimo Laukkanen ]----------------------
| Andrew Kenneth Milton wrote:
|
| > Folder is based on Acquisition.Implicit.
| >
| > I think the problem is there is no explicit permissions for editing users
| > try this;
| >
| > add 'manage_editUserForm', 'manage_editUser' to the __ac_permissions__
| > under 'Manage users' permission entry like so;
| >
| > ('Manage users', ('manage_users', 'manage_editUserForm', 'manage_editUser')),
|
| Yes. That seemed to do the trick.
|
| Could you give me a clue, what was the problem? Was it that there was no
| permission set for those manage_editUserForm and manage_editUser and
| therefore Zope security mechanism wanted to get Manager authorization?

The security permission model changed a little in 2.4. Anything with manage_ must have a role explicitly allowed, or it requires Manager role.

I've had a few of these crop up in other projects as well. Just matter of finding them all.

--
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|

Andrew Kenneth Milton wrote:

> I think the problem is there is no explicit permissions for editing users
> try this;
>
> add 'manage_editUserForm', 'manage_editUser' to the __ac_permissions__
> under 'Manage users' permission entry like so;
>
> ('Manage users', ('manage_users', 'manage_editUserForm', 'manage_editUser')),

To allow also adding and deleting users I needed to add:

    'manage_addUserForm', 'manage_addUser', 'manage_userActions'

Hope this helps others and will be in next version ,-)

-huima

+-------[ Heimo Laukkanen ]----------------------
|
| Hope this helps others and will be in next version ,-)

It's definitely in for next version d8)

--
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|

Heimo Laukkanen writes:

> I have updated to newest exUserFolder, but stumbled to a new problem. I
> have created user with all the permissions, but I am still unable to
> edit users unless I give the Manager-role to the user.
>
> Is this a similar problem with acquisition as in:
>
> http://groups.yahoo.com/group/zope/message/75023
>
> I browsed through the code of exUserFolder.py and didn't see if it
> inherits Acquisition.Implicit - it is though imported.
>
> class exUserFolder(Folder,BasicUserFolder,CopyContainer):

Because "Folder" inherits "Acquisition.Implicit", this is a different problem (but one that has occurred already earlier --> mailing list archives).

Some methods are not protected by a permission but directly by roles (probably a bug). User management of Zope's basic user folder was affected.

My "DocFinder" product has been able to detect such methods (it would say "explicit 'Manager'" in the permission column). Unfortunately, it no longer works with the new permission management implemented in "C" -- at least not yet. Not sure, whether it still works for your Zope installation. Maybe, you try it out

<http://www.dieter.handshake.de/pyprojects/zope>

If it is this problem, then you need to provide a permission declaration for the respective function...

Dieter
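
Added example, not part of any message in this thread and not exUserFolder or Zope code: a static check that lists `manage_*` methods which no `__ac_permissions__` entry names, the condition the thread says falls back to requiring the Manager role. The two classes are constructed stand-ins; the "before" declaration is an assumption, the method names are the ones quoted in the thread, and the check reads declarations only without running Zope's security machinery.

```python
# Added example: constructed stand-in classes, not exUserFolder or Zope source.

def declared_methods(cls):
    """Map method name -> permission from every __ac_permissions__ in the MRO."""
    covered = {}
    for klass in reversed(cls.__mro__):  # bases first, subclasses override
        for entry in klass.__dict__.get("__ac_permissions__", ()):
            permission, names = entry[0], entry[1]  # optional 3rd item: default roles
            for name in names:
                covered[name] = permission
    return covered


def unprotected_manage_methods(cls):
    """Sorted manage_* callables that no permission entry names."""
    covered = declared_methods(cls)
    return sorted(
        name for name in dir(cls)
        if name.startswith("manage_")
        and callable(getattr(cls, name))
        and name not in covered
    )


def _stub(self):  # placeholder body for the constructed methods
    return None


class FolderBefore:
    """Assumed 'before' state: only manage_users is declared."""
    __ac_permissions__ = (("Manage users", ("manage_users",)),)
    manage_users = manage_editUserForm = manage_editUser = _stub
    manage_addUserForm = manage_addUser = manage_userActions = _stub


class FolderAfter(FolderBefore):
    """Declaration with the method names given in the thread."""
    __ac_permissions__ = (
        ("Manage users", ("manage_users", "manage_editUserForm", "manage_editUser",
                          "manage_addUserForm", "manage_addUser", "manage_userActions")),
    )


if __name__ == "__main__":
    for cls in (FolderBefore, FolderAfter):
        print(cls.__name__, unprotected_manage_methods(cls))
```
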

participants (3)
- Andrew Kenneth Milton
- Dieter Maurer
- Heimo Laukkanen