hi! i have a "small" problem with PageTemplateFiles i use in products. the problem is, that none of my products which worked fine under zope <= 2.6.2 are working under 2.6.3/2.7.0-rc1. i always get "You are not allowed to access '' in this context" when i try to access a PageTemplateFile, even if i declare them public. normal methods are still working correct. these are the lines, where the problem(s) must be: ... __roles__ = ( ) security = ClassSecurityInfo( ) security.setDefaultAccess( 'deny' ) ... security.declarePublic( 'index_html' ) index_html = PageTemplateFile( 'ZPT/index_html.zpt', globals( ) ) ... any idea what i'm doing wrong? thanx in advance - sifu
Siegmund Fuhringer wrote at 2004-1-23 14:42 +0100:
i have a "small" problem with PageTemplateFiles i use in products. the problem is, that none of my products which worked fine under zope <= 2.6.2 are working under 2.6.3/2.7.0-rc1.
i always get "You are not allowed to access '' in this context" when i try to access a PageTemplateFile, even if i declare them public. normal methods are still working correct.
these are the lines, where the problem(s) must be:
... __roles__ = ( ) security = ClassSecurityInfo( ) security.setDefaultAccess( 'deny' ) ... security.declarePublic( 'index_html' ) index_html = PageTemplateFile( 'ZPT/index_html.zpt', globals( ) ) ...
any idea what i'm doing wrong?
Your PageTemplate is not allowed to access its "container". Up to the 2.6.3 security enhancements, this was not a problem. Now, binding "container" raises an "Unauthorized". You can either wait for the next Zope release (binding will then be possible again) or remove "container" for your PageTemplate's binding. You will need to look at the "Shared.DC.Scripts.Bindings.Bindings" to find out how to modify bindings for a "PageTemplateFile". -- Dieter
Siegmund Fuhringer wrote:
hi!
i have a "small" problem with PageTemplateFiles i use in products. the problem is, that none of my products which worked fine under zope <= 2.6.2 are working under 2.6.3/2.7.0-rc1.
i always get "You are not allowed to access '' in this context" when i try to access a PageTemplateFile, even if i declare them public. normal methods are still working correct.
these are the lines, where the problem(s) must be:
... __roles__ = ( ) security = ClassSecurityInfo( ) security.setDefaultAccess( 'deny' ) ... security.declarePublic( 'index_html' ) index_html = PageTemplateFile( 'ZPT/index_html.zpt', globals( ) ) ...
any idea what i'm doing wrong?
thanx in advance - sifu
------------------------------------------------------------------------
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
This is a known and solved problem. You have to download a version from CVS, or you have to wait for the next release. Robert
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 24/01/2004, at 11:27 AM, robert rottermann wrote:
Siegmund Fuhringer wrote:
i have a "small" problem with PageTemplateFiles i use in products. the problem is, that none of my products which worked fine under zope <= 2.6.2 are working under 2.6.3/2.7.0-rc1.
i always get "You are not allowed to access '' in this context" when i try to access a PageTemplateFile, even if i declare them public. normal methods are still working correct.
these are the lines, where the problem(s) must be:
... __roles__ = ( ) security = ClassSecurityInfo( ) security.setDefaultAccess( 'deny' ) ... security.declarePublic( 'index_html' ) index_html = PageTemplateFile( 'ZPT/index_html.zpt', globals( ) ) ...
any idea what i'm doing wrong?
This is a known and solved problem. You have to download a version from CVS, or you have to wait for the next release.
This particular problem is not yet resolved. A temporary work around is to use security.setDefaultAccess({'': 1}) instead of security.setDefaultAccess('deny'). I have no idea if this workaround is reopening the security holes these extra checks were supposed to close. - -- Stuart Bishop <stuart@stuartbishop.net> http://www.stuartbishop.net/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (Darwin) iD8DBQFAEbpuAfqZj7rGN0oRAvd5AKCN0+DsYzh6jY74CQrRheIZm55F3wCgmH52 MxAdKZAPPhOALN9/XoP07pY= =fXgs -----END PGP SIGNATURE-----
participants (4)
-
Dieter Maurer -
robert rottermann -
Siegmund Fuhringer -
Stuart Bishop