Re: [Zope] security assertion needed for dictionary?
I have the exact same problem and have been unable to find a solution anywhere. Were you ever able to resolve this? sfmcfar wrote:
I apologize for cross-posting from the plone newsgroup. but after posting this I realized that this was more of a Zope issue than a Plone one. I wish I could cut-and-paste (development is on the other side of a firewall), so instead I'll be as clear as I can.
Anyway, I have a Plone product that contains a method called getFeedSequence() that returns the result (a dictionary) from feedparser.parse() (Feedparser is the generic RSS/Atom parser).
In my template, I can do:
<div tal:define="myFeed python:getFeedSequence()"> <div tal:content="python:myFeed">
And see the string representation of the dictionary with no problem. But if I try and access a member of the sequence:
<div tal:define="myFeed python:getFeedSequence()"> <div tal:content="python:myFeed['feed']['title']">
VerboseSecurity reports "The container has no security assertions. Access to None of {[the entire RSS dictionary goes here]} denied."
How can I have permission to access the entire sequence but not a portion of it? it appears to me that the sequence is fairly straightforward - a few nested dictionaries, but that's it. Does this make any sense?
Thanks,
Stan
-- View this message in context: http://www.nabble.com/security-assertion-needed-for-dictionary--tf3762061.ht... Sent from the Zope - General mailing list archive at Nabble.com.
Forgetting plone (which I know nothing about), dictionaries definitely do NOT need security assertions (like lists, strings, integers and all basic types). Are you SURE it's a dictionary? Most likely it just LOOKS like one when represented as a string. Try: <div tal:content="python:repr(myFeed)"> To see exactly what it is ... It might be an instance of some object that has a __str__ that makes it look like a dictionary? J.F. -----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org] On Behalf Of tomvon Sent: June 18, 2007 11:36 To: zope@zope.org Subject: Re: [Zope] security assertion needed for dictionary? I have the exact same problem and have been unable to find a solution anywhere. Were you ever able to resolve this? sfmcfar wrote:
I apologize for cross-posting from the plone newsgroup. but after posting this I realized that this was more of a Zope issue than a Plone one. I wish I could cut-and-paste (development is on the other side of a firewall), so instead I'll be as clear as I can.
Anyway, I have a Plone product that contains a method called getFeedSequence() that returns the result (a dictionary) from feedparser.parse() (Feedparser is the generic RSS/Atom parser).
In my template, I can do:
<div tal:define="myFeed python:getFeedSequence()"> <div tal:content="python:myFeed">
And see the string representation of the dictionary with no problem. But if I try and access a member of the sequence:
<div tal:define="myFeed python:getFeedSequence()"> <div tal:content="python:myFeed['feed']['title']">
VerboseSecurity reports "The container has no security assertions. Access to None of {[the entire RSS dictionary goes here]} denied."
How can I have permission to access the entire sequence but not a portion of it? it appears to me that the sequence is fairly straightforward - a few nested dictionaries, but that's it. Does this
make any sense?
Thanks,
Stan
-- View this message in context: http://www.nabble.com/security-assertion-needed-for-dictionary--tf376206 1.html#a11178187 Sent from the Zope - General mailing list archive at Nabble.com. _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
<dtml-var "repr(newsfd)"> does the same as <dtml-var newsfd>. Here's a snippet of what it shows: {'feed': {'subtitle': u'', 'links': [{'href': u'http://www.modscape.com/blog', 'type': 'text/html', 'rel': 'alternate'}], 'title': u'modscape.com Home', 'subtitle_detail': {'base': 'http://www.modscape.com/blog/rss.xml', 'type': 'text/html', 'value': u'', 'language': None}, 'title_detail': {'base': 'http://www.modscape.com/blog/rss.xml', 'type': 'text/plain', 'value': u'modscape.com Home', 'language': None}, 'link': u'http://www.modscape.com/blog'}, 'status': 200, 'updated': (2007, 6, 18, 15, 54, 24, 0, 169, 0), 'encoding': 'iso-8859-15', 'bozo': 0, 'href': 'http://www.modscape.com/blog/rss.xml', 'headers': {'content-length': '18486', 'via': '1.0 px02.bc.fw.cbs.net:80 (squid)', 'x-cache': 'MISS from px02.bc.fw.cbs.net', 'x-powered-by': 'Zope (www.zope.org), Python (www.python.org)', 'x-cache-lookup': 'HIT from px02.bc.fw.cbs.net:80', 'expires': 'Mon, 18 Jun 2007 16:54:24 GMT', 'server': 'Apache/2.0.52 (Red Hat) DAV/2 SVN/1.2.3 mod_ssl/2.0.52 OpenSSL/0.9.7a PHP/5.1.2 mod_fastcgi/2.4.2', 'last-modified': 'Mon, 18 Jun 2007 15:54:24 GMT', 'connection': 'close', 'cache-control': 'max-age=3600', 'date': 'Mon, 18 Jun 2007 15:54:24 GMT', 'content-type': 'text/xml; charset=iso-8859-15'}, 'version': 'rss20', 'etag': None, 'namespaces': {}, 'entries': [{'updated': u'Mon, Sep 04 2006, 06:23PM', 'updated_parsed': None, 'links': [{'href': u'http://www.modscape.com/blog/index_html?showall=yes#id1157412223', 'type': 'text/html', 'rel': 'alternate'}], 'title': u'Ubuntu: Linux For Human Beings', 'summary_detail': {'base': 'http://www.modscape.com/blog/rss.xml', 'type': 'text/html', 'value': u'ubuntu.jpg\n\nTom wrote: Doyon, Jean-Francois-2 wrote:
Forgetting plone (which I know nothing about), dictionaries definitely do NOT need security assertions (like lists, strings, integers and all basic types).
Are you SURE it's a dictionary? Most likely it just LOOKS like one when represented as a string.
Try:
<div tal:content="python:repr(myFeed)">
To see exactly what it is ... It might be an instance of some object that has a __str__ that makes it look like a dictionary?
J.F.
-----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org] On Behalf Of tomvon Sent: June 18, 2007 11:36 To: zope@zope.org Subject: Re: [Zope] security assertion needed for dictionary?
I have the exact same problem and have been unable to find a solution anywhere. Were you ever able to resolve this?
sfmcfar wrote:
I apologize for cross-posting from the plone newsgroup. but after posting this I realized that this was more of a Zope issue than a Plone one. I wish I could cut-and-paste (development is on the other side of a firewall), so instead I'll be as clear as I can.
Anyway, I have a Plone product that contains a method called getFeedSequence() that returns the result (a dictionary) from feedparser.parse() (Feedparser is the generic RSS/Atom parser).
In my template, I can do:
<div tal:define="myFeed python:getFeedSequence()"> <div tal:content="python:myFeed">
And see the string representation of the dictionary with no problem. But if I try and access a member of the sequence:
<div tal:define="myFeed python:getFeedSequence()"> <div tal:content="python:myFeed['feed']['title']">
VerboseSecurity reports "The container has no security assertions. Access to None of {[the entire RSS dictionary goes here]} denied."
How can I have permission to access the entire sequence but not a portion of it? it appears to me that the sequence is fairly straightforward - a few nested dictionaries, but that's it. Does this
make any sense?
Thanks,
Stan
-- View this message in context: http://www.nabble.com/security-assertion-needed-for-dictionary--tf376206 1.html#a11178187 Sent from the Zope - General mailing list archive at Nabble.com.
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- View this message in context: http://www.nabble.com/security-assertion-needed-for-dictionary--tf3762061.ht... Sent from the Zope - General mailing list archive at Nabble.com.
I just downloaded and checked.
d = feedparser.parse('http://feedparser.org/docs/examples/atom10.xml') d.__class__ <class 'feedparser.FeedParserDict'>
It looks like a dict, but it isn't. You will need to put security assertions on that class ... See the security section of the Zope book for info on how to do that. J.F. -----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org] On Behalf Of tomvon Sent: June 18, 2007 11:57 To: zope@zope.org Subject: [Zope] RE: security assertion needed for dictionary? <dtml-var "repr(newsfd)"> does the same as <dtml-var newsfd>. Here's a snippet of what it shows: {'feed': {'subtitle': u'', 'links': [{'href': u'http://www.modscape.com/blog', 'type': 'text/html', 'rel': 'alternate'}], 'title': u'modscape.com Home', 'subtitle_detail': {'base': 'http://www.modscape.com/blog/rss.xml', 'type': 'text/html', 'value': u'', 'language': None}, 'title_detail': {'base': 'http://www.modscape.com/blog/rss.xml', 'type': 'text/plain', 'value': u'modscape.com Home', 'language': None}, 'link': u'http://www.modscape.com/blog'}, 'status': 200, 'updated': (2007, 6, 18, 15, 54, 24, 0, 169, 0), 'encoding': 'iso-8859-15', 'bozo': 0, 'href': 'http://www.modscape.com/blog/rss.xml', 'headers': {'content-length': '18486', 'via': '1.0 px02.bc.fw.cbs.net:80 (squid)', 'x-cache': 'MISS from px02.bc.fw.cbs.net', 'x-powered-by': 'Zope (www.zope.org), Python (www.python.org)', 'x-cache-lookup': 'HIT from px02.bc.fw.cbs.net:80', 'expires': 'Mon, 18 Jun 2007 16:54:24 GMT', 'server': 'Apache/2.0.52 (Red Hat) DAV/2 SVN/1.2.3 mod_ssl/2.0.52 OpenSSL/0.9.7a PHP/5.1.2 mod_fastcgi/2.4.2', 'last-modified': 'Mon, 18 Jun 2007 15:54:24 GMT', 'connection': 'close', 'cache-control': 'max-age=3600', 'date': 'Mon, 18 Jun 2007 15:54:24 GMT', 'content-type': 'text/xml; charset=iso-8859-15'}, 'version': 'rss20', 'etag': None, 'namespaces': {}, 'entries': [{'updated': u'Mon, Sep 04 2006, 06:23PM', 'updated_parsed': None, 'links': [{'href': u'http://www.modscape.com/blog/index_html?showall=yes#id1157412223', 'type': 'text/html', 'rel': 'alternate'}], 'title': u'Ubuntu: Linux For Human Beings', 'summary_detail': {'base': 'http://www.modscape.com/blog/rss.xml', 'type': 'text/html', 'value': u'ubuntu.jpg\n\nTom wrote: Doyon, Jean-Francois-2 wrote:
Forgetting plone (which I know nothing about), dictionaries definitely
do NOT need security assertions (like lists, strings, integers and all
basic types).
Are you SURE it's a dictionary? Most likely it just LOOKS like one when represented as a string.
Try:
<div tal:content="python:repr(myFeed)">
To see exactly what it is ... It might be an instance of some object that has a __str__ that makes it look like a dictionary?
J.F.
-----Original Message----- From: zope-bounces@zope.org [mailto:zope-bounces@zope.org] On Behalf Of tomvon Sent: June 18, 2007 11:36 To: zope@zope.org Subject: Re: [Zope] security assertion needed for dictionary?
I have the exact same problem and have been unable to find a solution anywhere. Were you ever able to resolve this?
sfmcfar wrote:
I apologize for cross-posting from the plone newsgroup. but after posting this I realized that this was more of a Zope issue than a Plone one. I wish I could cut-and-paste (development is on the other
side of a firewall), so instead I'll be as clear as I can.
Anyway, I have a Plone product that contains a method called getFeedSequence() that returns the result (a dictionary) from feedparser.parse() (Feedparser is the generic RSS/Atom parser).
In my template, I can do:
<div tal:define="myFeed python:getFeedSequence()"> <div tal:content="python:myFeed">
And see the string representation of the dictionary with no problem.
But if I try and access a member of the sequence:
<div tal:define="myFeed python:getFeedSequence()"> <div tal:content="python:myFeed['feed']['title']">
VerboseSecurity reports "The container has no security assertions. Access to None of {[the entire RSS dictionary goes here]} denied."
How can I have permission to access the entire sequence but not a portion of it? it appears to me that the sequence is fairly straightforward - a few nested dictionaries, but that's it. Does this
make any sense?
Thanks,
Stan
-- View this message in context: http://www.nabble.com/security-assertion-needed-for-dictionary--tf3762 06 1.html#a11178187 Sent from the Zope - General mailing list archive at Nabble.com.
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev ) _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
-- View this message in context: http://www.nabble.com/security-assertion-needed-for-dictionary--tf376206 1.html#a11178584 Sent from the Zope - General mailing list archive at Nabble.com. _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
participants (2)
-
Doyon, Jean-Francois -
tomvon