[Zope-PTK] Discussion Problems with PTK
Andy Dawkins
andyd@nipltd.com
Wed, 6 Sep 2000 15:26:53 +0100
ChrisW and myself sat down and had a good look at this one.
Using Shane's ZDebug program we managed to find that in the
discussion_thread_view method it was line 14 that was throwing up the
unauthorised error:
01: <dtml-var standard_html_header>
02:
03: <h3>&dtml-title;</h3>
04:
05: <dtml-if "_.hasattr(this(), 'parentsInThread') and parentsInThread(1)">
06: Above in thread:
07: <dtml-if "_.len(this().parentsInThread()) > 5">... :</dtml-if>
08: <dtml-in "parentsInThread(5)">
09: <a href="&dtml-absolute_url;">&dtml-title;</a>
10: <dtml-unless sequence-end>:</dtml-unless>
11: </dtml-in>
12: </dtml-if>
13:
14: <dtml-tree branches="getReplies">
15: <a href="&dtml-absolute_url;"><img border=0 src="<dtml-var SCRIPT_NAME><dtml-var icon>"></a>
16: <a href="&dtml-absolute_url;">&dtml-title;</a>,
17: by <dtml-var Creator>
18: on <dtml-var Date fmt="Date">
19: </dtml-tree>
20:
21: <dtml-var standard_html_footer>
Tracing this to the getReplies method in the PTKDemo.Discussions:
    def getReplies(self):
        """
        Return a sequence of the DiscussionResponse objects which are
        associated with this Discussable
        """
        catalog = self.portal_catalog
        results = self.getReplyResults()
        rids = map(lambda x: x.data_record_id_, results)
        objects = map(catalog.getobject, rids)
        return objects
After going a little over the top with debug print statements we discovered
that there is nothing wrong with this method. Bit of a red herring :-(
So we reluctantly opened the can of worms that we lovingly refer to as
treetag.py
Seeing this line on the traceback:
File Zope\lib\python\TreeDisplay\TreeTag.py, line 337, in tpRenderTABLE
we headed straight for line 337 to discover that the authorisation error has
actually been raised by the treetag.
331:     if unauth:
332:         if have_arg('skip_unauthorized') and args['skip_unauthorized']:
333:             items=list(items)
334:             unauth.reverse()
335:             for i in unauth: del items[i]
336:         else:
337:             raise ValidationError, unauth
Changing the discussion_thread_view's line 14 to read:
14: <dtml-tree branches="getReplies" skip_unauthorized=1>
Stopped the unauthorised error message but of course meant that we couldn't
see anything.
So we gave the discussion_thread_view method the proxy role of 'Manager' and
that solved the issue permanently.
So we tried the other roles:
Anonymous: Authentication Error
Member: Authentication Error
Owner: Success
Reviewer: Success
Manager: Success
So it seems that the DTML_method doesn't have access to the DiscussionItems,
why is this? My discussion_thread_view is indirectly owned by my Portal
Manager (aka Me)
Does setting the proxy role to 'Manager' raise any security issues?
Now the problem has stopped I can get back to working on swishdot but it
would be great to know the correct solution to this problem and, most
importantly, can we make it go away?
Cheers
-Andy
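
Added example, not part of the original post and not Zope source code: a simplified Python model of the TreeTag.py branch filtering quoted above, showing why skip_unauthorized=1 emptied the tree and why a proxy role changes the result for every visitor. The role-to-item mapping, the sample replies and all function names are assumptions made for illustration.

```python
# Added example: a simplified model, not Zope source code.
class ValidationError(Exception):
    """Stand-in for the error TreeTag.py raises at line 337."""

# Assumption: roles allowed to access a DiscussionItem, inferred from the
# proxy-role results listed in the post.
ITEM_ROLES = frozenset({"Owner", "Reviewer", "Manager"})

# Constructed sample replies; the last one is open to everyone.
REPLIES = [
    {"title": "Re: first", "roles": ITEM_ROLES},
    {"title": "Re: second", "roles": ITEM_ROLES},
    {"title": "Re: public", "roles": ITEM_ROLES | {"Anonymous"}},
]

def effective_roles(user_roles, proxy_roles=()):
    # Simplification: proxy roles on the method replace the visitor's roles.
    return set(proxy_roles) if proxy_roles else set(user_roles)

def filter_branches(items, roles, skip_unauthorized=False):
    # Collect the index of every branch the effective roles cannot access.
    unauth = [i for i, item in enumerate(items) if not roles & item["roles"]]
    if unauth:
        if not skip_unauthorized:
            raise ValidationError(unauth)
        items = list(items)
        # Delete from the highest index down so earlier indexes stay valid.
        for i in reversed(unauth):
            del items[i]
    return items

def visible_titles(user_roles, proxy_roles=(), skip_unauthorized=False,
                   replies=REPLIES):
    roles = effective_roles(user_roles, proxy_roles)
    kept = filter_branches(replies, roles, skip_unauthorized)
    return [item["title"] for item in kept]

if __name__ == "__main__":
    for proxy in ((), ("Member",), ("Manager",)):
        try:
            print(proxy, visible_titles(["Anonymous"], proxy))
        except ValidationError as err:
            print(proxy, "ValidationError for branch indexes", err.args[0])
    print(visible_titles(["Anonymous"], skip_unauthorized=True))
```

In this model the proxy role is applied regardless of who is viewing the page, so an Anonymous visitor sees exactly what a Manager would see through that one method.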