Zope 2.7.4 - ZClass Permissions Change?
I have a few ZClass products that no longer allow me to add new objects and it is new since Zope2.7b4. It is happening with a few products like SimpleURL and KnowledgeKit and I am getting errors like: "Unauthorized: You are not allowed to access 'blah' in this context" It could be a method, a list or ZopeTime. I looked over the release files and can't find anything on this specifically. Jake ____________________ http://www.ZopeZone.com "Zoping for the rest of us"
--On Montag, 17. Januar 2005 14:56 Uhr -0500 Jake <jake@zopezone.com> wrote:
I have a few ZClass products that no longer allow me to add new objects and it is new since Zope2.7b4.
It is happening with a few products like SimpleURL and KnowledgeKit and I am getting errors like:
"Unauthorized: You are not allowed to access 'blah' in this context"
It could be a method, a list or ZopeTime.
I looked over the release files and can't find anything on this specifically.
There were no ZClasses changes since ages (in fact there is nobody willing to touch ZClasses :-)) Maybe install VerboseSecurity to figure out details... -aj
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 18 Jan 2005 06:56 am, Jake wrote:
I have a few ZClass products that no longer allow me to add new objects and it is new since Zope2.7b4.
It is happening with a few products like SimpleURL and KnowledgeKit and I am getting errors like:
"Unauthorized: You are not allowed to access 'blah' in this context"
It could be a method, a list or ZopeTime.
I looked over the release files and can't find anything on this specifically.
There was a change in 2.7.3 that broke a few people's permissions structures. The discussion about that kinda petered off with no real resolution, so the change is still active in 2.7.4. Sorry, no handy reference at the moment. The change was in AccessControl/ImplPython.py function guarded_getattr. The following change "fixed" it for me, though there is concern about the validity of the change: *************** *** 551,560 **** return v validate = SecurityManagement.getSecurityManager().validate + # Filter out the objects we can't access. + if hasattr(inst, 'aq_acquire'): + return inst.aq_acquire(name, aq_validate, validate) + # Or just try to get the attribute directly. if validate(inst, inst, name, v): return v raise Unauthorized, name - --- 551,556 ---- Richard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFB7CqsrGisBEHG6TARAlAcAJ9hwkoJzBnLR4gqGaf3dUsU/mzlUACfdagl R+NWeZ19C3MuvHqp7UK3K8I= =xI0e -----END PGP SIGNATURE-----
Hi Richard, Was the reported as a bug? Jake ____________________ http://www.ZopeZone.com "Zoping for the rest of us" On Jan 17, 2005, at 4:14 PM, Richard Jones wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Tue, 18 Jan 2005 06:56 am, Jake wrote:
I have a few ZClass products that no longer allow me to add new objects and it is new since Zope2.7b4.
It is happening with a few products like SimpleURL and KnowledgeKit and I am getting errors like:
"Unauthorized: You are not allowed to access 'blah' in this context"
It could be a method, a list or ZopeTime.
I looked over the release files and can't find anything on this specifically.
There was a change in 2.7.3 that broke a few people's permissions structures. The discussion about that kinda petered off with no real resolution, so the change is still active in 2.7.4.
Sorry, no handy reference at the moment. The change was in AccessControl/ImplPython.py function guarded_getattr. The following change "fixed" it for me, though there is concern about the validity of the change:
*************** *** 551,560 **** return v
validate = SecurityManagement.getSecurityManager().validate + # Filter out the objects we can't access. + if hasattr(inst, 'aq_acquire'): + return inst.aq_acquire(name, aq_validate, validate) + # Or just try to get the attribute directly. if validate(inst, inst, name, v): return v raise Unauthorized, name - --- 551,556 ----
Richard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFB7CqsrGisBEHG6TARAlAcAJ9hwkoJzBnLR4gqGaf3dUsU/mzlUACfdagl R+NWeZ19C3MuvHqp7UK3K8I= =xI0e -----END PGP SIGNATURE----- _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
There is a report of what I believe is the same issue here: http://zope.org/Collectors/CMF/318 Feel free to add the ZClass problem to the Zope collector though. I finally managed to come up with unit tests for this and am going to check them into Zope RSN. Stefan On 18. Jän 2005, at 00:46, Jake wrote:
Was the reported as a bug? -- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/
What I really meant to say is: Please add it to the collector Stefan On 18. Jän 2005, at 14:06, Stefan H. Holek wrote:
Feel free to add the ZClass problem to the Zope collector though.
-- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/
In my testing, Zope 2.5.1RC1 has fixed this bug. Jake ____________________ http://www.ZopeZone.com "Zoping for the rest of us" On Jan 19, 2005, at 1:16 PM, Stefan H. Holek wrote:
What I really meant to say is: Please add it to the collector
Stefan
On 18. Jän 2005, at 14:06, Stefan H. Holek wrote:
Feel free to add the ZClass problem to the Zope collector though.
-- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
participants (4)
-
Andreas Jung -
Jake -
Richard Jones -
Stefan H. Holek