[Zope-dev] _.min and _.max still used by ZMI
Roger Espinosa
roger at umich.edu
Tue Jan 13 23:33:14 EST 2004
On Tuesday, January 13, 2004, at 11:21 PM, Travis Miller wrote:
> hi Dirk,
>
> i just (configure/make/make install)ed Zope-2.7.0-b4 and i immediately
> ran into the .min/.max/... security changes when i tried to rename an
> object through the ZMI.
I got around the min/max by adding them to the list on
RestrictedPython/Guards.py.
But b4 seemed to make any script trying to pass a zero-value parameter
raise unauthorized exceptions. Code like
ob.edit( is_exemplar=0 )
non longer worked. Traceback from another attempt attached below, when
"notify_instantly" was set to 0. (Passing an integer 1 *would* work.)
Roger
Traceback (most recent call last):
File "/usr/local/zope/App/lib/python/ZPublisher/Publish.py", line
100, in publ
ish
request, bind=1)
File "/usr/local/zope/App/lib/python/ZPublisher/mapply.py", line 88,
in mapply
if debug is not None: return debug(object,args,context)
File "/usr/local/zope/App/lib/python/ZPublisher/Publish.py", line 40,
in call_
object
result=apply(object,args) # Type s<cr> to step into published
object.
File
"/usr/local/zope/App/lib/python/Products/CMFCore/FSPythonScript.py",
line
92, in __call__
return Script.__call__(self, *args, **kw)
File "/usr/local/zope/App/lib/python/Shared/DC/Scripts/Bindings.py",
line 261,
in __call__
return self._bindAndExec(args, kw, None)
File "/usr/local/zope/App/lib/python/Shared/DC/Scripts/Bindings.py",
line 292,
in _bindAndExec
return self._exec(bound_data, args, kw)
File
"/usr/local/zope/App/lib/python/Products/CMFCore/FSPythonScript.py",
line
126, in _exec
result = apply(f, args, kw)
File "Script (Python)", line 55, in post_feedback
File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py",
line 349, i
n guarded_apply
return builtin_guarded_apply(func, args, kws)
File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py",
line 371, i
n builtin_guarded_apply
return func(*arglist, **argdict)
File
"/usr/local/zope/App/lib/python/Products/CMFCore/PortalFolder.py", line
3
62, in invokeFactory
, kw
File "/usr/local/zope/App/lib/python/Products/CMFCore/TypesTool.py",
line 824,
in constructContent
ob = apply(info.constructInstance, (container, id) + args, kw)
File "/usr/local/zope/App/lib/python/Products/CMFCore/TypesTool.py",
line 513,
in constructInstance
id = apply( m, args, kw ) or id # allow factory to munge ID
File "/usr/local/zope/M2K3/Products/Mousetrap/FeedbackPost.py", line
84, in ad
dFeedbackPost
o.setupFeedbackType(defaults=kw)
File "/usr/local/zope/M2K3/Products/Mousetrap/FeedbackPost.py", line
124, in s
etupFeedbackType
method(defaults=defaults)
File
"/usr/local/zope/App/lib/python/Products/CMFCore/FSPythonScript.py",
line
92, in __call__
return Script.__call__(self, *args, **kw)
File "/usr/local/zope/App/lib/python/Shared/DC/Scripts/Bindings.py",
line 261,
in __call__
return self._bindAndExec(args, kw, None)
File "/usr/local/zope/App/lib/python/Shared/DC/Scripts/Bindings.py",
line 292,
in _bindAndExec
return self._exec(bound_data, args, kw)
File
"/usr/local/zope/App/lib/python/Products/CMFCore/FSPythonScript.py",
line
126, in _exec
result = apply(f, args, kw)
File "Script (Python)", line 5, in apply_CommentSchema
File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py",
line 349, i
n guarded_apply
return builtin_guarded_apply(func, args, kws)
File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py",
line 369, i
n builtin_guarded_apply
guard(kws, v, k)
File "/usr/local/zope/App/lib/python/AccessControl/ZopeGuards.py",
line 219, i
n guard
if getSecurityManager().validate(container, container, index,
value):
File "/usr/local/zope/App/lib/python/AccessControl/ImplPython.py",
line 263, i
n validate
raise Unauthorized(name, value)
Unauthorized: You are not allowed to access 'notify_instantly' in this
context
More information about the Zope-Dev
mailing list