[Zope-CMF] Re: Unauthorized errors on macro access
Tres Seaver
tseaver at palladion.com
Mon Apr 3 09:51:13 EDT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Jens Vagelpohl wrote:
> Just about done with the Fiveification of CMFCalendar, there's just one
> issue with the calendar box. I keep getting Unauthorized exceptions
> when trying to get to the macro for the box from the main template.
>
> In main_template I put the following (this is just for testing and
> won't go into 2.0):
>
> <div metal:use-macro="context/@@calendar_widget/calendarBox">
> <!-- CMFCalendar not Installed -->
> </div>
>
> The calendar_widget view is declared in CMFCalendar/browser/
> configure.zcml:
>
> <browser:page
> for="*"
> name="calendar_widget"
> class=".calendar.CalendarView"
> template="templates/calendar_widgets.pt"
> permission="zope2.View"
> layer="cmf"
> />
>
> calendar_widgets.pt declares the calendarBox macro, that stuff is just
> copied and pasted from the old calendarBox.pt.
>
> Whenever the main_template renders, I get Unauthorized errors ending in
> this:
>
> File "/usr/local/zope/opt/Zope-2.9-branch/lib/python/Products/
> PageTemplates/Expressions.py", line 127, in _eval
> ob = restrictedTraverse(ob, path, getSecurityManager())
> File "/usr/local/zope/opt/Zope-2.9-branch/lib/python/Products/
> PageTemplates/Expressions.py", line 326, in restrictedTraverse
> if not validate(object, object, None, o):
> File "/usr/local/zope/opt/Zope-2.9-branch/lib/python/AccessControl/
> ImplPython.py", line 564, in validate
> self._context)
> File "/usr/local/zope/opt/Zope-2.9-branch/lib/python/AccessControl/
> ImplPython.py", line 334, in validate
> accessed, container, name, value, context)
> File "/usr/local/zope/opt/Zope-2.9-branch/lib/python/AccessControl/
> ImplPython.py", line 809, in raiseVerbose
> raise Unauthorized(text)
> Unauthorized: The container has no security assertions. Access to None
> of (Products.Five.metaclass.SimpleViewClass from /usr/local/zope/
> CMF20Instance/Products/CMFCalendar/browser/templates/
> calendar_widgets.pt object at 0x3527dd0) denied.
>
> Stepping through the code tells me that it barfs when trying to access
> the name "calendarBox" from this instance:
> <Products.Five.metaclass.SimpleViewClass from /usr/local/zope/
> CMF20Instance/Products/CMFCalendar/browser/templates/
> calendar_widgets.pt object at 0x3527dd0>.
>
> Does anyone know what to do here?
>
> jens
>
I think it is actually blowing up trying to validate access to the
'macros' object from your view. I was able to work around that part by
adding the following view class:
- ---------------------- %< ------------------------------------
from AccessControl.SecurityInfo import ClassSecurityInfo
from Globals import InitializeClass
from Products.Five.browser import BrowserView
from Products.CMFCalendar.permissions import View
class CalendarWidgetView(BrowserView):
security = ClassSecurityInfo()
security.declareProtected(View, 'macros')
def _macros(self):
return self.index.macros
macros = property(_macros, None, None)
InitializeClass(CalendarWidgetView)
- ---------------------- %< ------------------------------------
Tres.
- --
===================================================================
Tres Seaver +1 202-558-7113 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEMShR+gerLs4ltQ4RAg6yAJwOhr5AIA4eJxKY523YxHE3td6DFQCgvR23
22FXEZB/XxRqzcrXATZ15rw=
=hL0s
-----END PGP SIGNATURE-----
More information about the Zope-CMF
mailing list