Can't access a method 'in this context'
I have a XronDTMLMethod with the following body: ---- <dtml-let zoffice="superValues(['ZOffice Converter'])[0]"> <dtml-call "zoffice.getConverterByName('AsyncZlaveClient').fireNextConversion(_)"> </dtml-let> ---- So, it finds the nearest 'ZOffice Converter' instance (in the acquisition chain), names it 'zoffice', then attempts to do the call in the middle line. My ZOffice class has the following method defined: ---- def getConverterByName(self, converterName): """ """ return self._pluginConverters[converterName].__of__(self) ---- self._pluginConverters is a class level dictionary with keys of converter names and values of converter instances. The converter instances inherit from Acquisition.Implicit. However, when I 'Trigger' the XronDTMLMethod, I get the following error: ---- Traceback (most recent call last): File "D:\Zlave\zope251\lib\python\Products\Xron\XronDTMLMethod.py", line 141, in trigger REQUEST=REQUEST, RESPONSE=RESPONSE, kw=kw) File "D:\Zlave\zope251\lib\python\OFS\DTMLMethod.py", line 127, in __call__ r=apply(HTML.__call__, (self, client, REQUEST), kw) File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_String.py", line 473, in __call__ try: result = render_blocks(self._v_blocks, md) File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Let.py", line 76, in render return render_blocks(self.section, md) File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Util.py", line 159, in eval return eval(code, d) File "<string>", line 2, in f File "D:\Zlave\zope251\lib\python\AccessControl\DTML.py", line 29, in guarded_getattr return guarded_getattr(*args) File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 58, in guarded_getattr return inst.aq_acquire(name, aq_validate, validate) File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 40, in aq_validate return validate(inst, obj, name, v) File "D:\Zlave\zope251\lib\python\AccessControl\SecurityManager.py", line 83, in validate self._context) File "D:\Zlave\zope251\lib\python\AccessControl\ZopeSecurityPolicy.py", line 145, in validate raise Unauthorized(name, value) Unauthorized: You are not allowed to access fireNextConversion in this context ---- So, my question; why can't I call this method of my converter object? cheers, tim
I suspect you have not made any security assertions on your class. see: http://www.zope.org/Documentation/Books/ZDG/current/Security.stx hth, -Casey On Thursday 15 August 2002 10:12 am, Tim Hicks wrote:
I have a XronDTMLMethod with the following body:
---- <dtml-let zoffice="superValues(['ZOffice Converter'])[0]"> <dtml-call "zoffice.getConverterByName('AsyncZlaveClient').fireNextConversion(_)"> </dtml-let> ----
So, it finds the nearest 'ZOffice Converter' instance (in the acquisition chain), names it 'zoffice', then attempts to do the call in the middle line.
My ZOffice class has the following method defined:
---- def getConverterByName(self, converterName): """ """ return self._pluginConverters[converterName].__of__(self) ----
self._pluginConverters is a class level dictionary with keys of converter names and values of converter instances. The converter instances inherit from Acquisition.Implicit.
However, when I 'Trigger' the XronDTMLMethod, I get the following error:
---- Traceback (most recent call last):
File "D:\Zlave\zope251\lib\python\Products\Xron\XronDTMLMethod.py", line 141, in trigger REQUEST=REQUEST, RESPONSE=RESPONSE, kw=kw)
File "D:\Zlave\zope251\lib\python\OFS\DTMLMethod.py", line 127, in __call__ r=apply(HTML.__call__, (self, client, REQUEST), kw)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_String.py", line 473, in __call__ try: result = render_blocks(self._v_blocks, md)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Let.py", line 76, in render return render_blocks(self.section, md)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Util.py", line 159, in eval return eval(code, d)
File "<string>", line 2, in f
File "D:\Zlave\zope251\lib\python\AccessControl\DTML.py", line 29, in guarded_getattr return guarded_getattr(*args)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 58, in guarded_getattr return inst.aq_acquire(name, aq_validate, validate)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 40, in aq_validate return validate(inst, obj, name, v)
File "D:\Zlave\zope251\lib\python\AccessControl\SecurityManager.py", line 83, in validate self._context)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeSecurityPolicy.py", line 145, in validate raise Unauthorized(name, value)
Unauthorized: You are not allowed to access fireNextConversion in this context ----
So, my question; why can't I call this method of my converter object?
cheers,
tim
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
I suspect you have not made any security assertions on your class.
Casey, you were partly right... I had copied and pasted a very similar method (and it's security) but only remembered to change the actual method definition and not the security. *However*, correcting this mistake seems to have made no difference at all. I still receive exactly the same error message and traceback. To be sure, I deleted my product from the Control Panel (along with all instances), restarted Zope (2.5.1 btw) and then tested again... no joy though :-( Any more clues? I've got to say, 'context' and acquisition type stuff (if that's even relevant here) are pretty mysterious to me. cheers tim
On Thursday 15 August 2002 10:12 am, Tim Hicks wrote:
I have a XronDTMLMethod with the following body:
---- <dtml-let zoffice="superValues(['ZOffice Converter'])[0]"> <dtml-call "zoffice.getConverterByName('AsyncZlaveClient').fireNextConversion(_)"> </dtml-let> ----
So, it finds the nearest 'ZOffice Converter' instance (in the acquisition chain), names it 'zoffice', then attempts to do the call in the middle line.
My ZOffice class has the following method defined:
---- def getConverterByName(self, converterName): """ """ return self._pluginConverters[converterName].__of__(self) ----
self._pluginConverters is a class level dictionary with keys of converter names and values of converter instances. The converter instances inherit from Acquisition.Implicit.
However, when I 'Trigger' the XronDTMLMethod, I get the following error:
---- Traceback (most recent call last):
File "D:\Zlave\zope251\lib\python\Products\Xron\XronDTMLMethod.py", line 141, in trigger REQUEST=REQUEST, RESPONSE=RESPONSE, kw=kw)
File "D:\Zlave\zope251\lib\python\OFS\DTMLMethod.py", line 127, in __call__ r=apply(HTML.__call__, (self, client, REQUEST), kw)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_String.py", line 473, in __call__ try: result = render_blocks(self._v_blocks, md)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Let.py", line 76, in render return render_blocks(self.section, md)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Util.py", line 159, in eval return eval(code, d)
File "<string>", line 2, in f
File "D:\Zlave\zope251\lib\python\AccessControl\DTML.py", line 29, in guarded_getattr return guarded_getattr(*args)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 58, in guarded_getattr return inst.aq_acquire(name, aq_validate, validate)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 40, in aq_validate return validate(inst, obj, name, v)
File "D:\Zlave\zope251\lib\python\AccessControl\SecurityManager.py", line 83, in validate self._context)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeSecurityPolicy.py", line 145, in validate raise Unauthorized(name, value)
Unauthorized: You are not allowed to access fireNextConversion in this context ----
So, my question; why can't I call this method of my converter object?
cheers,
tim
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
What are the base classes of your class? Perhaps it is not traversable. Try subclassing OFS.SimpleItem.SimpleItem (unless you subclass something equivilant already) -Casey On Thursday 15 August 2002 01:54 pm, Tim Hicks wrote:
I suspect you have not made any security assertions on your class.
Casey,
you were partly right... I had copied and pasted a very similar method (and it's security) but only remembered to change the actual method definition and not the security.
*However*, correcting this mistake seems to have made no difference at all. I still receive exactly the same error message and traceback. To be sure, I deleted my product from the Control Panel (along with all instances), restarted Zope (2.5.1 btw) and then tested again... no joy though :-(
Any more clues? I've got to say, 'context' and acquisition type stuff (if that's even relevant here) are pretty mysterious to me.
cheers
tim
On Thursday 15 August 2002 10:12 am, Tim Hicks wrote:
I have a XronDTMLMethod with the following body:
---- <dtml-let zoffice="superValues(['ZOffice Converter'])[0]"> <dtml-call "zoffice.getConverterByName('AsyncZlaveClient').fireNextConversion(_)"> </dtml-let> ----
So, it finds the nearest 'ZOffice Converter' instance (in the acquisition chain), names it 'zoffice', then attempts to do the call in the middle line.
My ZOffice class has the following method defined:
---- def getConverterByName(self, converterName): """ """ return self._pluginConverters[converterName].__of__(self) ----
self._pluginConverters is a class level dictionary with keys of converter names and values of converter instances. The converter instances inherit from Acquisition.Implicit.
However, when I 'Trigger' the XronDTMLMethod, I get the following error:
---- Traceback (most recent call last):
File "D:\Zlave\zope251\lib\python\Products\Xron\XronDTMLMethod.py", line 141, in trigger REQUEST=REQUEST, RESPONSE=RESPONSE, kw=kw)
File "D:\Zlave\zope251\lib\python\OFS\DTMLMethod.py", line 127, in __call__ r=apply(HTML.__call__, (self, client, REQUEST), kw)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_String.py", line 473, in __call__ try: result = render_blocks(self._v_blocks, md)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Let.py", line 76, in render return render_blocks(self.section, md)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Util.py", line 159, in eval return eval(code, d)
File "<string>", line 2, in f
File "D:\Zlave\zope251\lib\python\AccessControl\DTML.py", line 29, in guarded_getattr return guarded_getattr(*args)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 58, in guarded_getattr return inst.aq_acquire(name, aq_validate, validate)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 40, in aq_validate return validate(inst, obj, name, v)
File "D:\Zlave\zope251\lib\python\AccessControl\SecurityManager.py", line 83, in validate self._context)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeSecurityPolicy.py", line 145, in validate raise Unauthorized(name, value)
Unauthorized: You are not allowed to access fireNextConversion in this context ----
So, my question; why can't I call this method of my converter object?
cheers,
tim
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
What are the base classes of your class? Perhaps it is not traversable. Try subclassing OFS.SimpleItem.SimpleItem (unless you subclass something equivilant already)
Spot on - I mixed in SimpleItem and that error went away. Thanks very much. *However*, the plot thickens ;-). So 'fireNextConversion()' now gets successfully called. After a getting the next item in a queue, a further method _doConversion() is then called by fireNextConversion. In _doConversion, I get hold of some html then I want to pass as argument to a zope python script (.zpy for ease of description here). The .zpy (named 'handleFiles') is 'contained' in the parent object of the plugin ( - the parent object subclasses ObjectManager). To get hold of this parent object (called 'zoffice' here), I use; zoffice = self.superValues(['ZOffice Converter'])[0] from _doConversion. This works, and I then call my .zpy like so; zoffice.handleFiles(...args...) handleFiles makes various 'manage_addFile|Folder|etc' calls successfully. It also calls some of its siblings (DTML Methods and zpy's) within zoffice. *However*, when it tries to call any (well, I've tried 2) class defined methods of zoffice, I get an error saying I can't access that method ('getBody' in this case) in this context again. Aaargh! See the full traceback below. That might be a bit of a complicated description (but I'm just trying to give you the 'context' ;-) ), so here's some pseudo-code to try to give you the idea of what I'm doing. class ZOffice(ObjectManager, PropertyManager, Simplitem.Item): ... self._pluginConverters = {'converter_name':converter_object} # e.g. def getConverterByName(self, converterName): """ returns wrapped Converter object """ def getBody(self, html): """ returns some edited html """ #And has the following defined in the ZODB handleFiles.zpy class Converter(SimpleItem, Implicit): def fireNextConversion(self): """ calls _doConversion """ def _doConversion(self, ...args...): zoffice = self.superValues(['ZOffice Converter'])[0] # gets a ZOffice object zoffice.handleFiles(...args...) I hope even some of that makes sense. So, unfortunately, my question remains, 'why can't I access getBody in that context?' hope you can help. tim Traceback (most recent call last): File "D:\Zlave\zope251\lib\python\Products\Xron\XronDTMLMethod.py", line 141, in trigger REQUEST=REQUEST, RESPONSE=RESPONSE, kw=kw) File "D:\Zlave\zope251\lib\python\OFS\DTMLMethod.py", line 127, in __call__ r=apply(HTML.__call__, (self, client, REQUEST), kw) File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_String.py", line 473, in __call__ try: result = render_blocks(self._v_blocks, md) File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Let.py", line 76, in render return render_blocks(self.section, md) File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Util.py", line 159, in eval return eval(code, d) File "<string>", line 2, in f File "D:\Zlave\zope251\lib\python\Products\ZOffice\AsyncZlaveClient\AsyncZlaveCli ent.py", line 231, in fireNextConversion def getQueue(self): File "D:\Zlave\zope251\lib\python\Products\ZOffice\AsyncZlaveClient\AsyncZlaveCli ent.py", line 135, in _doConversion #delete the QueueFile File "D:\Zlave\zope251\lib\python\Shared\DC\Scripts\Bindings.py", line 252, in __call__ return self._bindAndExec(args, kw, None) File "D:\Zlave\zope251\lib\python\Shared\DC\Scripts\Bindings.py", line 283, in _bindAndExec return self._exec(bound_data, args, kw) File "D:\Zlave\zope251\lib\python\Products\PythonScripts\PythonScript.py", line 302, in _exec result = apply(f, args, kw) File "Script (Python)", line 9, in handleFiles File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 58, in guarded_getattr return inst.aq_acquire(name, aq_validate, validate) File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 40, in aq_validate return validate(inst, obj, name, v) File "D:\Zlave\zope251\lib\python\AccessControl\SecurityManager.py", line 83, in validate self._context) File "D:\Zlave\zope251\lib\python\AccessControl\ZopeSecurityPolicy.py", line 200, in validate raise Unauthorized(name, value) Unauthorized: You are not allowed to access getBody in this context
-Casey
On Thursday 15 August 2002 01:54 pm, Tim Hicks wrote:
I suspect you have not made any security assertions on your class.
Casey,
you were partly right... I had copied and pasted a very similar method (and it's security) but only remembered to change the actual method definition and not the security.
*However*, correcting this mistake seems to have made no difference at all. I still receive exactly the same error message and traceback. To be sure, I deleted my product from the Control Panel (along with all instances), restarted Zope (2.5.1 btw) and then tested again... no joy though :-(
Any more clues? I've got to say, 'context' and acquisition type stuff (if that's even relevant here) are pretty mysterious to me.
cheers
tim
On Thursday 15 August 2002 10:12 am, Tim Hicks wrote:
I have a XronDTMLMethod with the following body:
---- <dtml-let zoffice="superValues(['ZOffice Converter'])[0]"> <dtml-call
"zoffice.getConverterByName('AsyncZlaveClient').fireNextConversion(_)">
</dtml-let> ----
So, it finds the nearest 'ZOffice Converter' instance (in the acquisition chain), names it 'zoffice', then attempts to do the call in the middle line.
My ZOffice class has the following method defined:
---- def getConverterByName(self, converterName): """ """ return self._pluginConverters[converterName].__of__(self) ----
self._pluginConverters is a class level dictionary with keys of converter names and values of converter instances. The converter instances inherit from Acquisition.Implicit.
However, when I 'Trigger' the XronDTMLMethod, I get the following error:
---- Traceback (most recent call last):
File "D:\Zlave\zope251\lib\python\Products\Xron\XronDTMLMethod.py", line 141, in trigger REQUEST=REQUEST, RESPONSE=RESPONSE, kw=kw)
File "D:\Zlave\zope251\lib\python\OFS\DTMLMethod.py", line 127, in __call__ r=apply(HTML.__call__, (self, client, REQUEST), kw)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_String.py", line 473, in __call__ try: result = render_blocks(self._v_blocks, md)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Let.py", line 76, in render return render_blocks(self.section, md)
File "D:\Zlave\zope251\lib\python\DocumentTemplate\DT_Util.py", line 159, in eval return eval(code, d)
File "<string>", line 2, in f
File "D:\Zlave\zope251\lib\python\AccessControl\DTML.py", line 29, in guarded_getattr return guarded_getattr(*args)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 58, in guarded_getattr return inst.aq_acquire(name, aq_validate, validate)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeGuards.py", line 40, in aq_validate return validate(inst, obj, name, v)
File "D:\Zlave\zope251\lib\python\AccessControl\SecurityManager.py", line 83, in validate self._context)
File "D:\Zlave\zope251\lib\python\AccessControl\ZopeSecurityPolicy.py", line 145, in validate raise Unauthorized(name, value)
Unauthorized: You are not allowed to access fireNextConversion in this context ----
So, my question; why can't I call this method of my converter object?
cheers,
tim
_______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Tim Hicks wrote:
I hope even some of that makes sense. So, unfortunately, my question remains, 'why can't I access getBody in that context?'
Does it have a security assertion? Dooes the user have a role that has that permission mapped? After that, just go to line 200 in ZopeSecurityPolicy.py and work your way back until you find out why it's doing that... cheers, Chris
Tim Hicks wrote:
I hope even some of that makes sense. So, unfortunately, my question remains, 'why can't I access getBody in that context?'
Does it have a security assertion? Dooes the user have a role that has that permission mapped?
Yes to both.
After that, just go to line 200 in ZopeSecurityPolicy.py and work your way back until you find out why it's doing that...
Ok, I've been doing that. Line 200 in ZopeSecurityPolicy.py raises Unauthorised because: accessedbase is containerbase which equates to: getattr(accessed, 'aq_base', container) is aq_base(container) So, the unwrapped object that I'm trying to access the getBody method on is the same as the unwrapped container object of the ___ (I don't know what - I presume 'of the object I'm trying to access'). 'def validate' has the following description of its arguments: """ accessed -- the object that was being accessed container -- the object the value was found in """ So, as I (mis?)understand it, I'm not allowed to access getBody because in my acquisition chain, the object it is a method of is its own parent. I don't know how that could be happening. At the moment, I'm trying to pass in the aq_parent of the XronDtmlMethod as the context when it calls fireNextConversion(). The aq_parent is not the ZOffice instance. I'm getting a little lost! To make matters worse, even if I overcome this problem, it appears the security policy is about to 'Unauthorize' me anyway. Line 201 of ZopeSecurityPolicy.py returns 0, so I'm just not doing things right I think :-(. I'm not sure why different methods are getting treated differently by zope. If I add a zpy to the zoffice instance (named 'getBody2') that returns some text, 'handleFiles' will successfully call it (as it successfully calls manage_addFolder etc). Not sure if I've managed to ask more questions, or just muddied the water further. If anyone has any suggestions, I'd love to hear from you. cheers tim
Tim Hicks writes:
... Ok, I've been doing that. Line 200 in ZopeSecurityPolicy.py raises Unauthorised because:
accessedbase is containerbase
which equates to:
getattr(accessed, 'aq_base', container) is aq_base(container) This, e.g., happens, when "accessed" is not acquisition wrapped.
A standard problem is to include neither "Acquisition.Implicit" nor "Acquisition.Explicit" as base class. Instances, then, will not play well with Zope's security machinery. Dieter
Tim Hicks writes:
... Ok, I've been doing that. Line 200 in ZopeSecurityPolicy.py raises Unauthorised because:
accessedbase is containerbase
which equates to:
getattr(accessed, 'aq_base', container) is aq_base(container) This, e.g., happens, when "accessed" is not acquisition wrapped.
A standard problem is to include neither "Acquisition.Implicit" nor "Acquisition.Explicit" as base class. Instances, then, will not play well with Zope's security machinery.
Both my ZOffice object and the converter plugins that are sub-objects inherit from SimpleItem.SimpleItem. I've set up some debug logging and it reveals that each of the objects does indeed have an '__of__' method. Indeed, the '_doConversion' method on my converter object calls 'self.handleFiles()', which it successfully acquires from its parent (ZOffice) object. So, I don't think it's a problem of not having acquisition wrappers. Further checks reveal that the user (who I am programatically logging in) does indeed have have suitable roles ('Manager') to do what I want. As for why 'accessedbase is containerbase', I'm still no nearer finding out. With my converter plugin as self: self.absolute_url() => http://domain.com:8080/ZOffice/ self.aq_parent.absolute_url() => http://domain.com:8080/ZOffice # n.b. no trailing slash self.aq_parent.aq_parent.absolute_url() => http://domain.com:8080 # n.b. no trailing slash So, to recap: I'm calling self.handleFiles() from my converter. handleFiles is acquired from the ZOffice instance and is a zpy. handleFiles makes various successful calls to manage_add*, and methods/scripts visible from the ZMI, but it raises Unauthorised when I try to call a method of ZOffice defined in its class. Any ideas? tim ps My plugins are stored in a dictionary on my ZOffice instance (so they don't appear in the ZMI). The method 'getConverterByName(self, name)' explicitly returns converter.__of__(self) to ensure the acquisition chain makes sense.
Tim Hicks wrote:
Further checks reveal that the user (who I am programatically logging in) does indeed have have suitable roles ('Manager') to do what I want.
How are you programatically logging in?
ps My plugins are stored in a dictionary on my ZOffice instance (so they don't appear in the ZMI). The method 'getConverterByName(self, name)' explicitly returns converter.__of__(self) to ensure the acquisition chain makes sense.
My bet is still on a missed security definition somewhere... cheers, Chris
Tim Hicks wrote:
Further checks reveal that the user (who I am programatically logging in) does indeed have have suitable roles ('Manager') to do what I want.
How are you programatically logging in?
# 'self' is the plugin converter object folder = self.restrictedTraverse(path_to_folder) #Authenticate with the same acl_users as the original uploader acl_users = folder.acl_users user = acl_users.authenticate(qfile.user, qfile.passw, request={}) user = user.__of__(acl_users) newSecurityManager(None, user)
ps My plugins are stored in a dictionary on my ZOffice instance (so they don't appear in the ZMI). The method 'getConverterByName(self, name)' explicitly returns converter.__of__(self) to ensure the acquisition chain makes sense.
My bet is still on a missed security definition somewhere...
Debug log output reveals the following: 2002-08-20 00:10:41,871 DEBUG dir(self.aq_parent) => ['_objects', '_pluginConverters', 'asyncSuccess', 'cleanId', 'currentConverter', 'handleFiles', 'id', 'makeZPT', 'nullUpload', 'title', 'uploadBox', 'uploadBoxAsync', 'uploadDispatch', 'uploadDispatchAsync'] 2002-08-20 00:10:41,871 DEBUG self.aq_parent.__roles__ => ('Anonymous', 'Manager', 'sysUser', 'zlaveUser') 2002-08-20 00:10:41,901 DEBUG dir(user) => ['__', 'domains', 'name', 'roles'] 2002-08-20 00:10:41,901 DEBUG user.roles => ['Manager'] The getBody method works when called directly from dtml and has the following security... security.declareProtected('ZOffice Converter: Use', 'getBody') def getBody(self, html): ... 'Manager' does have the 'ZOffice Converter: Use' permission. tim
Tim Hicks wrote:
# 'self' is the plugin converter object folder = self.restrictedTraverse(path_to_folder) #Authenticate with the same acl_users as the original uploader acl_users = folder.acl_users user = acl_users.authenticate(qfile.user, qfile.passw, request={}) user = user.__of__(acl_users) newSecurityManager(None, user)
Urm, I don't know whether that'll work. If it doesn't error, you may experience weird security stuff happening later on... Urm, hang on... ;-)
Debug log output reveals the following:
2002-08-20 00:10:41,871 DEBUG dir(self.aq_parent) => ['_objects', '_pluginConverters', 'asyncSuccess', 'cleanId', 'currentConverter', 'handleFiles', 'id', 'makeZPT', 'nullUpload', 'title', 'uploadBox', 'uploadBoxAsync', 'uploadDispatch', 'uploadDispatchAsync'] 2002-08-20 00:10:41,871 DEBUG self.aq_parent.__roles__ => ('Anonymous', 'Manager', 'sysUser', 'zlaveUser') 2002-08-20 00:10:41,901 DEBUG dir(user) => ['__', 'domains', 'name', 'roles'] 2002-08-20 00:10:41,901 DEBUG user.roles => ['Manager']
And that helps me how? ;-) cheers, Chris
Tim Hicks wrote:
# 'self' is the plugin converter object folder = self.restrictedTraverse(path_to_folder) #Authenticate with the same acl_users as the original uploader acl_users = folder.acl_users user = acl_users.authenticate(qfile.user, qfile.passw, request={}) user = user.__of__(acl_users) newSecurityManager(None, user)
Urm, I don't know whether that'll work. If it doesn't error, you may experience weird security stuff happening later on...
Urm, hang on... ;-)
Do you have a better/correct way <crosses fingers and toes ;-)>?
Debug log output reveals the following:
2002-08-20 00:10:41,871 DEBUG dir(self.aq_parent) => ['_objects', '_pluginConverters', 'asyncSuccess', 'cleanId', 'currentConverter', 'handleFiles', 'id', 'makeZPT', 'nullUpload', 'title', 'uploadBox', 'uploadBoxAsync', 'uploadDispatch', 'uploadDispatchAsync'] 2002-08-20 00:10:41,871 DEBUG self.aq_parent.__roles__ => ('Anonymous', 'Manager', 'sysUser', 'zlaveUser') 2002-08-20 00:10:41,901 DEBUG dir(user) => ['__', 'domains', 'name', 'roles'] 2002-08-20 00:10:41,901 DEBUG user.roles => ['Manager']
And that helps me how? ;-)
Ah, good point some explanation in order perhaps ;-)! In the first line, I was just trying to show that I am successfully acquiring the ZOffice instance that is the parent of the plugin converter. The second line shows the __roles__ on the ZOffice object. I included this as ZopeSecurityPolicy.py seems to try to match this with the roles of the user. Hence, the last line is showing that the logged-in user does indeed have the 'Manager' role. I'll leave you to decide if that helps you ;-). cheers tim
Tim Hicks wrote:
# 'self' is the plugin converter object folder = self.restrictedTraverse(path_to_folder) #Authenticate with the same acl_users as the original uploader acl_users = folder.acl_users user = acl_users.authenticate(qfile.user, qfile.passw, request={}) user = user.__of__(acl_users) newSecurityManager(None, user)
Urm, I don't know whether that'll work. If it doesn't error, you may experience weird security stuff happening later on...
Urm, hang on... ;-)
Just in case anyone's interested, I'VE MADE IT WORK! Sorry to shout, but I'm feeling pretty pleased with myself :-))). The problem was apparently the line reading; user = user.__of__(acl_users) I presume this was screwing up my context because when I change this to; user = user.__of__(self.aq_parent) # aq_parent is my ZOffice instance which appears in the ZMI things work just as I want. Interestingly, I first tried; user = user.__of__(self) # self is the plugin converter object I could use the troublesome 'getBody' method of ZOffice, but I couldn't use 'manage_addFolder'. I have very little clue what is actually going on here, but things are working (for now), so I'm happy. So, the lesson for me I guess is to be *very* careful when logging in a user programatically. I think acl_users.authenticate() returns an unwrapped user object, so when you wrap it, you need to be sure to put it in the right aquisition context. Trial and error is my best way of figuring out what that is :-(. cheers tim ps Should say a thank you to Shane H for his VerboseSecurity product that set my mind at rest about my security settings and permissions when trying to get to the bottom of this.
participants (4)
-
Casey Duncan -
Chris Withers -
Dieter Maurer -
Tim Hicks