[Zope-dev] acquisition, traversal, __roles__(, and zpt?)
Chris McDonough
chrism@zope.com
Wed, 6 Feb 2002 02:50:36 -0500
Maybe silly questions, but: Do you call InitializeGlobals() on ObjectX's
class (usually at the end of the module where it's defined)? Does ObjectX
actually have a portal_url method defined on it (or inherited)?
----- Original Message -----
From: "Gary Poster" <garyposter@earthlink.net>
To: <zope-dev@zope.org>
Sent: Tuesday, February 05, 2002 11:36 AM
Subject: [Zope-dev] acquisition, traversal, __roles__(, and zpt?)
> Hi everyone.
>
> OK. I'm stumped. I'm doing funky tricks here to create an alias
> functionality somewhat similar to a transparent folder. In the belief that
> brevity begets more possibility for answers, I won't tell you more, but just
> get straight to the chase:
>
> Zope 2.5, CMF 1.2 (but I'm using the dev list rather than the ptk or zpt
> lists because it has to do with internals more, I think)
>
> During traversal, I have (intentionally) created an acquisition chain like
> this:
>
> <pageTemplate> <OBJECT X> <CMF root> <Zope root> <request>
>
> in which <OBJECT X> is an "alien" object inserted after the CMF root. By
> alien I mean it is not an actual child of the CMF root, nor the actual
> parent of the pageTemplate. The pageTemplate itself is arbitrarily stored
> *outside* of the CMF, and also inserted during traversal. <OBJECT X> was
> unwrapped (aq_base) and then wrapped __of__(<CMF root>), and the
> pageTemplate also unwrapped and then wrapped __of__(<OBJECT X>).
>
> Everything seems mostly fine with this with basic DTML stuff, even so far as
> the DTML using CMF skins. However, ZPT pages give me security errors if I
> try to use a skin.
>
> I have traced this down, through the
> Products.PageTemplates.Expressions.RestrictedTraverse function, through
> security validation, to the fact that if the page template asks for an
> object like "nocall here/portal_url", and then traverses to get the
> portal_url, the portal_url is found but has no __roles__.
>
> __roles__ appear to be deep magic (AccessControl.PermissionRole). I don't
> quite understand how this property exists: I figure it must also have
> functional elements in the C acquisition code somewhere (which I have not
> worked through).
>
> <OBJECT X> has both __allow_access_to_unprotected_subobjects__ and
> security.declareObjectPublic(). I've tried not removing the "real" wrappers
> of <OBJECT X> and the page template, to no avail.
>
> Heh. Any ideas?
>
> Thanks
>
> Crazy Gary