subscribe

17 Feb 2006


      zope-request@zope.org wrote:
...
Send Zope mailing list submissions to
  zope@zope.org
To subscribe or unsubscribe via the World Wide Web, visit
  http://mail.zope.org/mailman/listinfo/zope
or, via email, send a message with subject or body 'help' to
  zope-request@zope.org
You can reach the person managing the list at
  zope-owner@zope.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Zope digest..."
Today's Topics:
1. Re: Error Value: 'File' object has	no	attribute
     'manage_fixupOwnershipAfterAdd' (Jens Vagelpohl)
  2. Re: Re: restricting permissions for direct access only
     (Chris Withers)
  3. Re: Zope 2.9 and SSL (Chris Withers)
  4. Re: Granting access by reading http headers (Chris Withers)
  5. Re: Re: restricting permissions for direct access only
     (Chris Withers)
  6. Re: installing PIL on Window Zope (Josef Meile)
  7. SSL & Digest Auth (Chris Withers)
  8. Re: Re: installing PIL on Window Zope (Tino Wildenhain)
  9. Re: Zope 2.9 and SSL (Janusz Zamecki)
 10. Re: Re: restricting permissions for direct access only
     (Chris Withers)
 11. Re: Re: restricting permissions for direct access only
     (Chris Withers)
 12. Re: Zope 2.9 and SSL (Michael Haubenwallner)
 13. Re: installing PIL on Window Zope (Allen Huang)
 14. Re: SSL & Digest Auth (michael nt milne)
 15. Re: Error Value: 'File' object	has	no	attribute
     'manage_fixupOwnershipAfterAdd' (Roman Klesel)
 16. Re: SSL & Digest Auth (Andrew Milton)
 17. Re: Re: Re: major problems placing authentication on an
     extranet site-security flaw? (michael nt milne)
 18. Re: Error Value: 'File' object	has	no	attribute
     'manage_fixupOwnershipAfterAdd' (Stefan H. Holek)
 19. Re: SSL & Digest Auth (michael nt milne)
 20. Re: Error Value: 'File' object	has	no	attribute
     'manage_fixupOwnershipAfterAdd' (Roman Klesel)
 21. Re: installing PIL on Window Zope (Josef Meile)
 22. Re: Error Value: 'File'	object	has	no	attribute
     'manage_fixupOwnershipAfterAdd' (Roman Klesel)
 23. Re: restricting permissions for direct access only
     (Michael Shulman)
 24. Re: restricting permissions for direct access only (Tres Seaver)
 25. Re: Re: Re: major problems placing authentication on an
     extranet site-security flaw? (Floyd May)
 26. Re: Error Value: 'File' object	has	no	attribute
     'manage_fixupOwnershipAfterAdd' (Roman Klesel)
----------------------------------------------------------------------
Message: 1
Date: Thu, 16 Feb 2006 09:59:58 +0000
From: Jens Vagelpohl <jens@dataflake.org>
Subject: Re: [Zope] Error Value: 'File' object has	no	attribute
  'manage_fixupOwnershipAfterAdd'
To: zope list user <zope@zope.org>
Message-ID: <F7446EF5-44B9-42DE-BB5A-BF4EDDF4FB98@dataflake.org>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
On 16 Feb 2006, at 09:33, Roman Klesel wrote:
...
Hello Bruno,
bruno desthuilliers schrieb:
...
What's wrong with:
container.manage_addProduct['OFSP'].manage_addFile(id, file='',
title='', precondition='', content_type='', REQUEST=None)
Well, in a fs product I don't have container nor  
self.manage_addProduct or something (AFAIK).
Therefore I use the ._setObject() method.
Instead of "container" you substitute the object that you called  
_setObject on before. No rocket science here. If that object  
subclasses from the normal Zope Folder class (or is a Zope Folder)  
you *will* have manage_addProduct.
jens
------------------------------
Message: 2
Date: Thu, 16 Feb 2006 08:27:43 +0000
From: Chris Withers <chris@simplistix.co.uk>
Subject: Re: [Zope] Re: restricting permissions for direct access only
To: Tres Seaver <tseaver@palladion.com>
Cc: public-zope-CWUwpEBWKX0@ciao.gmane.org, zope@zope.org
Message-ID: <43F4377F.5050503@simplistix.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Tres Seaver wrote:
...
The prior behavior (allowing users to access protected resources "above"
the domain of their user folders) was a security hole caused by a bug,
and was never documented as allowable:  correcting it was a matter for a
rather urgent fix, as it broke the explicitly-documented model.
I don't think that's what Michael and I were commenting on...
IIRC, if you had scripta calling scriptb, you used to be able to give 
scripta a proxy role and scriptb would also execute with that role. 
However, again IIRC, in current Zope releases, if you give scripta a 
proxy role, when it calls scriptb, scriptb will just run with the roles 
of the current user.
Have I got this right? If so, I wonder why the change was made...
Chris

Khachatur Yengibaryan

tags

participants (1)