[Grok-dev] Using z3c.jsonrpc with grok and ForbiddenAttribute issues

Calvin Hendryx-Parker calvin at sixfeetup.com
Sat May 31 00:37:24 EDT 2008 

Hi All,

I'd like to be able to use z3c.jsonrpc with Grok so I can provide 
JSON-RPC specific methods to some of my models.  I finally got it 
installed and I have added the needed ZCML to wire it up to my model, 
but now I'm running into security issues.

Here is my example, I have a Note class that is a grok.Model and I have 
put a marker interface on it so I can associate my jsonrpc with it like 
this:

   <z3c:jsonrpc
     for=".interfaces.INote"
     class=".note.NoteJSON"
     permission="brnf.notes"
     methods="edit"/>

Now from my GUI app, I'm using MochiKit's JsonRpcProxy to access this 
"edit" method on my model.  When I make the request I get this:

------
2008-05-31T00:13:24 ERROR root 
/Users/calvin/.buildout/eggs/zope.publisher-3.5.0a1.dev_r78838-py2.4.egg/zope/publisher/publish.py 
line 130 in publish
=> 'obj = request.traverse(obj)'
** zope.security.interfaces.ForbiddenAttribute: ('get', 
<factoryapp.factory.FactoryApp object at 0x2d138f0>)
/Users/calvin/.buildout/eggs/z3c.jsonrpc-0.5.1-py2.4.egg/z3c/jsonrpc/publisher.py 
line 181 in traverse
=> 'return super(JSONRPCRequest, self).traverse(object)'
** zope.security.interfaces.ForbiddenAttribute: ('get', 
<factoryapp.factory.FactoryApp object at 0x2d138f0>)
/Users/calvin/.buildout/eggs/zope.publisher-3.5.0a1.dev_r78838-py2.4.egg/zope/publisher/http.py 
line 453 in traverse
=> 'ob = super(HTTPRequest, self).traverse(obj)'
** zope.security.interfaces.ForbiddenAttribute: ('get', 
<factoryapp.factory.FactoryApp object at 0x2d138f0>)
/Users/calvin/.buildout/eggs/zope.publisher-3.5.0a1.dev_r78838-py2.4.egg/zope/publisher/base.py 
line 263 in traverse
=> 'obj = publication.traverseName(self, obj, entry_name)'
** zope.security.interfaces.ForbiddenAttribute: ('get', 
<factoryapp.factory.FactoryApp object at 0x2d138f0>)
/Users/calvin/.buildout/eggs/zope.app.publication-3.4.2-py2.4.egg/zope/app/publication/publicationtraverse.py 
line 61 in traverseName
=> 'ob2 = adapter.publishTraverse(request, nm)'
** zope.security.interfaces.ForbiddenAttribute: ('get', 
<factoryapp.factory.FactoryApp object at 0x2d138f0>)
/Users/calvin/.buildout/eggs/grok-0.12-py2.4.egg/grok/components.py line 
396 in publishTraverse
=> 'subob = self.traverse(name)'
** zope.security.interfaces.ForbiddenAttribute: ('get', 
<factoryapp.factory.FactoryApp object at 0x2d138f0>)
/Users/calvin/.buildout/eggs/grok-0.12-py2.4.egg/grok/components.py line 
439 in traverse
=> 'return self.context.get(name)'
** zope.security.interfaces.ForbiddenAttribute: ('get', 
<factoryapp.factory.FactoryApp object at 0x2d138f0>)


The error seems to happen as it starts to traverse my application and it 
doesn't even get to my Note instance which is a few levels down the path.

What ZCML voodoo am I missing to allow me to use z3c.jsonrpc with my app?

Thanks,
Calvin

-- 
S i x  F e e t  U p , I n c .  |  "Nowhere to go but open source"
Silicon Valley: +1 (650) 401-8579 x602
Midwest: +1 (317) 861-5948 x602
Toll-Free: 1-866-SIX-FEET
mailto:calvin at sixfeetup.com
http://www.sixfeetup.com  |  Zope/Plone Custom Development

More information about the Grok-dev mailing list