Problem adding ZClass after upgrade to 2.7
I just recently upgraded from 2.6 to 2.7 (running on Solaris). But now I can't add new ZClass objects anymore. I'm asked to login and then told I don't have permission. Copying, pasting, uploading new versions,etc of these objects is no problem. Any ideas on how to remedy this? TIA, Anthu
Anthu Nguyen wrote at 2004-11-10 15:52 -0800:
I just recently upgraded from 2.6 to 2.7 (running on Solaris). But now I can't add new ZClass objects anymore. I'm asked to login and then told I don't have permission.
I still can do it... You can analyse security problems with the "VerboseSecurity" product (you probably need the version from Zope's CVS). Come back with the information "VerboseSecurity" give you (unless you can solve your problem alone with this info). -- Dieter
Hi Anthu,
I just recently upgraded from 2.6 to 2.7 (running on Solaris). But now I can't add new ZClass objects anymore. I'm asked to login and then told I don't have permission. One reason could be that you don't have the right permissions on your file system (suposing that you are running unix/linux) -> this depends on the message you are getting. I don't rememmber well what's the message for this kind of error. I think is something like "file erno permission denied". The permissions I used are read/write for the user running zope and group owning the files, and nothing for the other users (here I assume that you have a group for the zope user only). It will be something like:
% chown -R zopeuser:zopeuser <ZopeRoot> % chmod -R gu+rw <ZopeRoot> % chmod -R o-rwx <ZopeRoot> % find . -type d -exec chmod gu+x {} \; -> excecution perm. on folders Then read the SETUID.txt on the doc folder to set the permissions of the var and Data.fs if you are running zope as root. If the permissions are right on the file system and what you are getting is a zope "Unauthorized" exception, then try first exporting the ZClasses, then the data on the root folder from your old zope. Finally, import them on the a new empty zope 2.7.x install: first import the ZClases on the Products Folder, then the data. I don't know if this helps, but that's how I did the migration of my ZClasses on the past. By the way, post a traceback, it will give us more clues.
Copying, pasting, uploading new versions,etc of these objects is no problem. That's strange :-(
Regards, Josef
Hi Josef, I have tried changing ownership as you suggested, but am still getting the same error. Unfortunately already zapped my 2.6, so I can't do the export trick. I'd much appreciate it if anyone has ideas on this traceback. In this case, I'm trying to add the ZClass "OEFile". Thanks, AnThu =================== *Unauthorized* Sorry, a site error occurred. Traceback (innermost last): * Module ZPublisher.Publish, line 175, in publish_module_standard * Module ZPublisher.Publish, line 132, in publish * Module Zope.App.startup, line 204, in zpublisher_exception_hook * Module ZPublisher.Publish, line 101, in publish * Module ZPublisher.mapply, line 88, in mapply * Module ZPublisher.Publish, line 39, in call_object * Module App.Factory, line 107, in index_html * Module OFS.DTMLMethod, line 130, in __call__ *<DTMLMethod instance at fdb380>* *URL: http://nwsops38.sfbay/attest/OEFile_addForm/manage_main* *Physical Path:*/attest/OEFile_addForm * Module DocumentTemplate.DT_String, line 474, in __call__ * Module OFS.DTMLMethod, line 123, in __call__ *<DTMLMethod instance at ea8410>* *URL: http://nwsops38.sfbay/header/manage_main* *Physical Path:*/header * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_In, line 703, in renderwob * Module DocumentTemplate.DT_With, line 76, in render Unauthorized: You are not allowed to access 'title_or_id' in this context (Also, an error occurred while attempting to render the standard error message.) =================== Josef Meile wrote:
Hi Anthu,
I just recently upgraded from 2.6 to 2.7 (running on Solaris). But now I can't add new ZClass objects anymore. I'm asked to login and then told I don't have permission.
One reason could be that you don't have the right permissions on your file system (suposing that you are running unix/linux) -> this depends on the message you are getting. I don't rememmber well what's the message for this kind of error. I think is something like "file erno permission denied". The permissions I used are read/write for the user running zope and group owning the files, and nothing for the other users (here I assume that you have a group for the zope user only). It will be something like:
% chown -R zopeuser:zopeuser <ZopeRoot> % chmod -R gu+rw <ZopeRoot> % chmod -R o-rwx <ZopeRoot> % find . -type d -exec chmod gu+x {} \; -> excecution perm. on folders
Then read the SETUID.txt on the doc folder to set the permissions of the var and Data.fs if you are running zope as root.
If the permissions are right on the file system and what you are getting is a zope "Unauthorized" exception, then try first exporting the ZClasses, then the data on the root folder from your old zope. Finally, import them on the a new empty zope 2.7.x install: first import the ZClases on the Products Folder, then the data. I don't know if this helps, but that's how I did the migration of my ZClasses on the past.
By the way, post a traceback, it will give us more clues.
Copying, pasting, uploading new versions,etc of these objects is no problem.
That's strange :-(
Regards, Josef _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Anthu Nguyen wrote at 2004-11-16 12:54 -0800:
... *Unauthorized* Sorry, a site error occurred. ... *<DTMLMethod instance at ea8410>* *URL: http://nwsops38.sfbay/header/manage_main* *Physical Path:*/header * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_In, line 703, in renderwob * Module DocumentTemplate.DT_With, line 76, in render
Unauthorized: You are not allowed to access 'title_or_id' in this context (Also, an error occurred while attempting to render the standard error message.)
The "DTMLMethod at '/header/manage_main'" tries to access "title_or_id" and is not allowed to. You can install "VerboseSecurity" (latest version, if possible from the Zope CVS). This will give you more detailed information. Should you not be willing to install "VerboseSecurity", you will need to deduce for what object "title_or_id" is called and why it is not allowed. -- Dieter
*Hi Dieter,* *Thanks for your help.* *This is what VerboseSecurity gave me. Any ideas?* ** *- AnThu* ** *==================== * * * *Unauthorized* Sorry, a site error occurred. Traceback (innermost last): * Module ZPublisher.Publish, line 175, in publish_module_standard * Module ZPublisher.Publish, line 132, in publish * Module Zope.App.startup, line 204, in zpublisher_exception_hook * Module ZPublisher.Publish, line 101, in publish * Module ZPublisher.mapply, line 88, in mapply * Module ZPublisher.Publish, line 39, in call_object * Module App.Factory, line 107, in index_html * Module OFS.DTMLMethod, line 130, in __call__ *<DTMLMethod instance at e7eef0>* *URL: http://nwsops38.sfbay/attest/OEFile_addForm/manage_main* *Physical Path:*/attest/OEFile_addForm * Module DocumentTemplate.DT_String, line 474, in __call__ * Module OFS.DTMLMethod, line 123, in __call__ *<DTMLMethod instance at ddfe30>* *URL: http://nwsops38.sfbay/header/manage_main* *Physical Path:*/header * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_In, line 703, in renderwob * Module DocumentTemplate.DT_With, line 76, in render * Module Products.VerboseSecurity.VerboseSecurityPolicy, line 151, in validate Unauthorized: The container has no security assertions. Access to 'title_or_id' of (FactoryDispatcher instance at e68510) denied. (Also, an error occurred while attempting to render the standard error message.) *==================== * Dieter Maurer wrote:
Anthu Nguyen wrote at 2004-11-16 12:54 -0800:
... *Unauthorized* Sorry, a site error occurred. ... *<DTMLMethod instance at ea8410>* *URL: http://nwsops38.sfbay/header/manage_main* *Physical Path:*/header * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_In, line 703, in renderwob * Module DocumentTemplate.DT_With, line 76, in render
Unauthorized: You are not allowed to access 'title_or_id' in this context (Also, an error occurred while attempting to render the standard error message.)
The "DTMLMethod at '/header/manage_main'" tries to access "title_or_id" and is not allowed to.
You can install "VerboseSecurity" (latest version, if possible from the Zope CVS). This will give you more detailed information.
Should you not be willing to install "VerboseSecurity", you will need to deduce for what object "title_or_id" is called and why it is not allowed.
Anthu Nguyen wrote at 2004-11-17 13:16 -0800:
... *Unauthorized* ... * Module OFS.DTMLMethod, line 123, in __call__ *<DTMLMethod instance at ddfe30>* *URL: http://nwsops38.sfbay/header/manage_main* *Physical Path:*/header * Module DocumentTemplate.DT_String, line 474, in __call__ * Module DocumentTemplate.DT_In, line 703, in renderwob * Module DocumentTemplate.DT_With, line 76, in render * Module Products.VerboseSecurity.VerboseSecurityPolicy, line 151, in validate
Unauthorized: The container has no security assertions. Access to 'title_or_id' of (FactoryDispatcher instance at e68510) denied. (Also, an error occurred while attempting to render the standard error message.)
This is very strange: It is true that a "FactoryDispatcher" ("App.FactoryDispatcher.FactoryDispatcher") does not have security assertions. But usually, it does not have a "title_or_id" either. Therefore, it should not be relevant with respect to "title_or_id" access that it lacks security assertions. Maybe, it is a bug introduced with the security tighening introduced in Zope 2.7.3 (there was some discussion about such a bug in the mailing list (zope-dev, I think)). You can try to add a "__role__ = None" and maybe a "__allow_access_to_unprotected_subobjects__ = 1" to the "FactoryDispatcher" class (--> "App/FactoryDispatcher.py") to see whether the problem disappears. These two attributes will provide security assertions for the factory. Your "header/manage_main" DTML Method seems a bit strange, too. Why does it use a "dtml-in" and in it a "dtml-with" and in it access to "title_or_id". This is somewhat unexpected in the add form of a ZClass. -- Dieter
participants (3)
-
Anthu Nguyen -
Dieter Maurer -
Josef Meile