[Grok-dev] five.grok ZopeTwoDirectoryResource and security

Martin Aspeli optilude+lists at gmail.com
Mon Mar 23 05:01:01 EDT 2009


Sylvain Viollon wrote:
> Le Fri, 20 Mar 2009 13:34:11 +0900,
> Martin Aspeli <optilude+lists at gmail.com> a écrit :
> 
>> Hi again,
>>
> 
>   Hello,
> 
>> Sorry for the flood of little issues...
>>
>> I am using an auto-registered 'static' directory in my package. This 
>> works when I traverse to it via URL 
>> (http://example.com/siteroot/++resource++my.package/foo.css).
>>
>> However, in Plone, the ResourceRegistries has some code that attempts
>> to do an 'exists:' path expression on the resource to decide whether
>> to include it when the CSS is cooked into a single stylesheet. This
>> returns false.
>>
>> I found the cause though: If I try to do path-traverse to 
>> portal/++resource++my.package/foo.css, I get an Unauthorized
>> exception: "the container has no security assertions". "The
>> container" here is the ZopeTwoDirectoryResource.
>>
>> This does not happen with a <browser:resourceDirectory /> registered
>> in ZCML.
>>
> 
>   Could you make a launchpad issue ? It will be the first one:
> 
>   https://bugs.edge.launchpad.net/five.grok
> 
>   I can look at it / and fix it (or you can do it if you want).

Done!

https://bugs.edge.launchpad.net/five.grok/+bug/347162

I don't know when I'll have time to revisit this, so if you can, that'd 
be great.

Martin

-- 
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book



More information about the Grok-dev mailing list