[Grok-dev] five.grok ZopeTwoDirectoryResource and security
Martin Aspeli
optilude+lists at gmail.com
Mon Mar 23 05:01:01 EDT 2009
Sylvain Viollon wrote:
> Le Fri, 20 Mar 2009 13:34:11 +0900,
> Martin Aspeli <optilude+lists at gmail.com> a écrit :
>
>> Hi again,
>>
>
> Hello,
>
>> Sorry for the flood of little issues...
>>
>> I am using an auto-registered 'static' directory in my package. This
>> works when I traverse to it via URL
>> (http://example.com/siteroot/++resource++my.package/foo.css).
>>
>> However, in Plone, the ResourceRegistries has some code that attempts
>> to do an 'exists:' path expression on the resource to decide whether
>> to include it when the CSS is cooked into a single stylesheet. This
>> returns false.
>>
>> I found the cause though: If I try to do path-traverse to
>> portal/++resource++my.package/foo.css, I get an Unauthorized
>> exception: "the container has no security assertions". "The
>> container" here is the ZopeTwoDirectoryResource.
>>
>> This does not happen with a <browser:resourceDirectory /> registered
>> in ZCML.
>>
>
> Could you make a launchpad issue ? It will be the first one:
>
> https://bugs.edge.launchpad.net/five.grok
>
> I can look at it / and fix it (or you can do it if you want).
Done!
https://bugs.edge.launchpad.net/five.grok/+bug/347162
I don't know when I'll have time to revisit this, so if you can, that'd
be great.
Martin
--
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book
More information about the Grok-dev
mailing list