[Zope-dev] Security assertions / non-acquired objects

sean.upton@uniontrib.com sean.upton@uniontrib.com
Sun, 15 Sep 2002 22:25:48 -0700 

I have been spending a bunch of time pulling my hair out on this one, so any
insight that anyone might have would be appreciated.

I have been building a product that takes advantage of a module that I have
built to query an external data source (NNTP server for AP wire stories) for
items to be imported into a CMF site.  The product has an adapter that
returns a list of temporary objects to get access at external data. The
query method for the adapter that I have set up returns a plain-old list of
objects of a custom class; I would like to be able to get access to these
objects and their methods with TTW python scripts.  However, no matter what
security assertions I put into the class for the said objects, I still get
something along the line of:

The container has no security assertions. Access to 'Title' of (APStory
instance at a6704a0) denied.

I'm not sure if the security assertions are not working because the objects
within the list returned by my adapter object have no acquisition context,
or if the issue is something different...  

So say I have some method (that is itself declared as public) that returns
something like this:

[<APStory instance at aaa08b0>, <APStory instance at b2c7168>, <APStory
instance at b442a28>, <APStory instance at b1e9a60>, <APStory instance at
a8fa7a8>, <APStory instance at a406a28>, <APStory instance at a676f48>]

...without any problems (for example, I can traverse via URL to get this),
where each APStory object is a temporary, in-memory list that is just the
return value of my function.  However, whenever I try to access any of these
objects within the list from a TTW python script, I get Access denied.  All
I really want is to be able to access all the methods of each of these
objects without interference from Zope's security mechanism.

I'm totally baffled on this one (I've been through about 4 cups of coffee
already on this problem alone).  I'm using Zope 2.6a1 with VerboseSecurity
installed. Any help or pointers  is greatly appreciated.

Sean

+-----------------------------------------------------------
| Sean Upton
|  Site Technology Supervisor             SignOnSanDiego.com
|  Development & Integration     The San Diego Union-Tribune
|  619.718.5241                     sean.upton@uniontrib.com
|        PATH_TO_THE_DARK_SIDE = 'c:\winnt\system32'
+-----------------------------------------------------------