Product Creation and Permission
I started working on this the other day and posted some questions regarding this, and I apologize ahead of time for the length of this message, but this has me absolutely baffled and if anyone can offer some insight into Zope's ObjectManger and how it works in regards to this, it would be extremely appreciated. I am constructing a product that is basically in essence a SQL-Zclass, where you can manipulate SQL in a Object Manager. I have two classes, A and B, where B works off of A. So, after you create a instance of A in Zope (in a folder or such), it appears .. and then you click on it, it brings up a management screen (assuming that we're allowable to do such) that runs a SQL command that displays the results as "objects" in the instance of A. These instances displayed in A are related to B. Clicking on one of these new instances of B should bring up a list of further related objects contained in B (in the SQL database) and allow you to manage objects C, D, E... etc. The problem that I am getting is A works fine, and shows the objects of B contained within. However, when I click on one of these in the management screen, I get a request to login again, and I can never enter in a correct authentication despite having full privledges to this Zope server, and after three tries, I am dropped to a Unauthorized screen saying that Username and Password are not correct. Can anyone shed any light on this issue? Is there something I am missing, some class that I am not inheriting that's allowing Zope access to it's authentication methods? Or is what I am doing just plain impossible in Zope? I have included examples of what I am trying to do below and apologize for the length of this message. Jason A: import Globals from Globals import Persistent, Acquisition import AccessControl import OFS from B import * from pg import DB from AccessControl import ClassSecurityInfo from Acquisition import Implicit __allow_access_to_unprotected_subobjects__ = 1 class objectChunk(Implicit): security = ClassSecurityInfo() security.declareObjectPublic() security.setDefaultAccess('allow') security.__allow_access_to_unprotected_subobjects__ = 1 def SQLquery(query): db = "zope" server = "192.168.1.1" port = 5432 sqluser = "zope" sqlpassword = "********" data = [] if query[0:6] == "SELECT": for output in DB(db,server,port,'',sqluser,sqlpassword).query(query).dictresult(): result = objectChunk() masterkeys = output.keys() for key in masterkeys: f = setattr(result, key, output[key]) data.append(result) else: SQLOUTPUT = DB(db,server,port,'',sqluser,sqlpassword).query(query) return (data) def manage_addA(self,id,name,description,REQUEST=None): obja = A(id,name,description) self._setObject(id, obja) if REQUEST is not None: return self.manage_main(self, REQUEST) manage_addAForm = Globals.HTMLFile('dtml/add_obja', globals()) class A( OFS.ObjectManager.ObjectManager, OFS.PropertyManager.PropertyManager, Acquisition.Implicit, Persistent, AccessControl.Role.RoleManager, OFS.SimpleItem.Item, ): a=() manage_options=( {'label':'Properties', 'action':'manage_main'}, {'label':'View', 'action':''}, ) + OFS.SimpleItem.SimpleItem.manage_options meta_type = 'Product' index_html = Globals.HTMLFile("dtml/obja", globals()) #manage_main = Globals.HTMLFile("dtml/edit_obja", globals()) def __init__(self, id, name,description): self.id = id self.name = name self.desc = description def objectItems(self): objQUERY = "SELECT * FROM B WHERE dgid = '" + self.id + "'" QUERYRESULT = [] QUERYRESULT = SQLquery(objQUERY) a = [] for objects in QUERYRESULT: tp = B(objects.id,objects.dgid,objects.obj_name,objects.obj_desc,objects.obj_creator,objects.obj_created,objects.obj_moddate) tpwrapper = [objects.id,tp] a.append(tpwrapper) return a def manage_beforeDelete(self,item,container): QUERYSTRING = "DELETE FROM B WHERE dgid = '" + item.id + "'" queryresult = SQLquery(QUERYSTRING) def _getOb(self,id,dp=2): __allow_access_to_unprotected_subobjects__ = 1 nextobject = B(self.id,id,"name","desc","creater","createrdate","moddate") return nextobject def _delObjects(self,id): "This deletes the objects specified" print "In the _delObjects" def _delOb(self,id): "This deletes the objects specified" SQLQUERY = "DELETE FROM B WHERE id = '" + id + "'" INQUIRE = SQLquery(SQLQUERY) Globals.default__class_init__(A) Globals.default__class_init__(B) Globals.InitializeClass(objectChunk) B: import Globals from Globals import Persistent, Acquisition import AccessControl import OFS from pg import DB from AccessControl import ClassSecurityInfo from Acquisition import Implicit __ac_permissions__ = ( ('View', ('index_html', '__getitem__', 'id', 'pageCount', 'getAllPages', 'getPage', 'navigationBar')), ('Management Screens', ('manage_main','manage_edit', 'manage_addPage', 'manage_editPage', 'manage_deletePages')), ('Anonymous','Anonymous'), ) __allow_access_to_unprotected_subobjects__ = 1 class objectChunk(Implicit): security = ClassSecurityInfo() security.declareObjectPublic() security.setDefaultAccess('allow') security.__allow_access_to_unprotected_subobjects__ = 1 def SQLquery(query): ## change these when you change servers db = "zope" server = "192.168.1.1" port = 5432 sqluser = "zope" sqlpassword = "********" data = [] if query[0:6] == "SELECT": for output in DB(db,server,port,'',sqluser,sqlpassword).query(query).dictresult(): result = objectChunk() masterkeys = output.keys() for key in masterkeys: f = setattr(result, key, output[key]) data.append(result) else: SQLOUTPUT = DB(db,server,port,'',sqluser,sqlpassword).query(query) return (data) def manage_addB(self,dg_id,id,name,desc,creater,createrdate,moddate,REQUEST=None): The argument 'self' will be bound to the parent Folder. QUERYSTRING = "INSERT INTO C (id,dgid,obj_name,obj_desc,obj_creator,obj_created,obj_moddate) VALUES ('"+id+"','"+dg_id+"','"+name+"','"+desc+"','"+creater+"','"+createrdate+"','"+moddate+"')" print QUERYSTRING SQLRETURN = SQLquery(QUERYSTRING) if REQUEST is not None: return self.manage_main(self, REQUEST) manage_addTopicForm = Globals.HTMLFile('dtml/add_obj', globals()) class B( OFS.ObjectManager.ObjectManager, OFS.PropertyManager.PropertyManager, Acquisition.Implicit, Persistent, AccessControl.Role.RoleManager, OFS.SimpleItem.Item, ): __ac_permissions__ = ( ('Change Management', ('manage_main','manage_edit', 'manage_addPage', 'manage_editPage', 'index_html')), ) a=() security = ClassSecurityInfo() security.declareObjectPublic() ##security.setDefaultAccess('allow') security.__allow_access_to_unprotected_subobjects__ = 1 manage_workspace__roles__=('Manager','Anonymous',) manage_options=( {'label':'Properties', 'action':'manage_main'}, {'label':'View', 'action':''}, ) + OFS.SimpleItem.SimpleItem.manage_options meta_type = 'Product 2' index_html = Globals.HTMLFile("dtml/obj", globals()) manage_main = Globals.HTMLFile("dtml/edit_obj", globals()) def __init__(self,dg_id,id,name,desc,creater,createrdate,moddate): self.dg_id = dg_id self.id = id self.name = name self.desc = desc self.creater = creater self.createdate = createrdate self.moddate = moddate __allow_access_to_unprotected_subobjects__ = 1 manage_workspace__roles__=('Manager','Anonymous',) def objectItems(self): print "In the objectItems method of Tp" objQUERY = "SELECT * FROM B WHERE dgid = '" + self.id + "'" QUERYRESULT = [] QUERYRESULT = SQLquery(objQUERY) a = [] for objects in QUERYRESULT: tp = B(objects.id,objects.dgid,objects.obj_name,objects.obj_desc,objects.obj_creator,objects.obj_created,objects.obj_moddate) tpwrapper = [objects.id,tp] a.append(tpwrapper) return a Globals.InitializeClass(objectChunk) ____________________________________________________________________ Get free email and a permanent address at http://www.netaddress.com/?N=1
Jason Joy wrote:
I started working on this the other day and posted some questions regarding this, and I apologize ahead of time for the length of this message, but this has me absolutely baffled and if anyone can offer some insight into Zope's ObjectManger and how it works in regards to this, it would be extremely appreciated.
I am constructing a product that is basically in essence a SQL-Zclass, where you can manipulate SQL in a Object Manager. I have two classes, A and B, where B works off of A.
So, after you create a instance of A in Zope (in a folder or such), it appears .. and then you click on it, it brings up a management screen (assuming that we're allowable to do such) that runs a SQL command that displays the results as "objects" in the instance of A. These instances displayed in A are related to B. Clicking on one of these new instances of B should bring up a list of further related objects contained in B (in the SQL database) and allow you to manage objects C, D, E... etc. The problem that I am getting is A works fine, and shows the objects of B contained within. However, when I click on one of these in the management screen, I get a request to login again, and I can never enter in a correct authentication despite having full privledges to this Zope server, and after three tries, I am dropped to a Unauthorized screen saying that Username and Password are not correct.
In the definition of B there unser __ac_permissions__, you have a permission called 'Management Screens'. You might want to change that to 'View management screens'. Also, this is just loose in the module, it does no good there AFAIK. Put it inside the class def. You set permissions on the constructor methods in you __init__.py RegisterClass call. The last two lines of your __init__ def of B do nothing. They are local variables that never see the light of day. -- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>
The other thing I now notice is that you are mixing the old security model with __ac_permissions__ with the new one "classSecurityInfo". This is likely confusing Zope. Drop the __ac_permissions__ stuff. -- | Casey Duncan | Kaivo, Inc. | cduncan@kaivo.com `------------------>
participants (2)
-
Casey Duncan -
Jason Joy