[Zope-dev] 2.6.4.c1 still problem with security

robert rottermann robert at redcor.ch
Tue Jan 20 15:18:27 EST 2004


Having read  Stuarts post with a similar context I was digging trough 
DCWorkflow with the debugger and found that

In Shared.DC.Scripts.Bindings._getContext(self), there
seems to be a new security check:
    getSecurityManager().validate(parent, container, '', self)

does only allow Manager to access the  container of the script that is 
called during the DCWorkflow transition.

Any ideas?

Robert

robert rottermann wrote:

> Hi there,
> I am using zope from cvs Zope-2_6-branch. I still get the following 
> assertion in a DCWorkflow which worked flawlessly in 2.6.2
>
> Thanks for any pointers
> Robert
>
> Traceback (innermost last):
>  Module ZPublisher.Publish, line 98, in publish
>  Module ZPublisher.mapply, line 88, in mapply
>  Module ZPublisher.Publish, line 39, in call_object
>  Module Products.CMFCore.FSPythonScript, line 92, in __call__
>  Module Shared.DC.Scripts.Bindings, line 261, in __call__
>  Module Shared.DC.Scripts.Bindings, line 292, in _bindAndExec
>  Module Products.CMFCore.FSPythonScript, line 126, in _exec
>   - __traceback_info__: ({'traverse_subpath': [], 'container': 
> <PloneSite instance at 8bbed10>, 'context': <PloneFolder instance at 
> 96fb608>, 'script': <FSPythonScript at /zehnder/zehnder/createObject 
> used for /zehnder/zehnder/tasklist/Task.2004-01-19.3020/Attachments>}, 
> (None, 'File', None), {}, (None, None, None))
>  Module None, line 12, in createObject
>  Module Products.CMFCore.PortalFolder, line 362, in invokeFactory
>  Module Products.CMFCore.TypesTool, line 824, in constructContent
>  Module Products.CMFCore.TypesTool, line 516, in constructInstance
>  Module Products.CMFCore.TypesTool, line 420, in _finishConstruction
>  Module Products.CMFCore.CMFCatalogAware, line 101, in 
> notifyWorkflowCreated
>  Module Products.CMFPlone.WorkflowTool, line 26, in notifyCreated
>  Module Products.CMFCore.WorkflowTool, line 362, in notifyCreated
>  Module Products.DCWorkflow.DCWorkflow, line 367, in notifyCreated
>  Module Products.DCWorkflow.DCWorkflow, line 440, in _changeStateOf
>  Module Products.DCWorkflow.DCWorkflow, line 543, in _executeTransition
>  Module Shared.DC.Scripts.Bindings, line 261, in __call__
>  Module Shared.DC.Scripts.Bindings, line 290, in _bindAndExec
>  Module Shared.DC.Scripts.Bindings, line 1, in ?
>  Module Shared.DC.Scripts.Bindings, line 224, in _getContext
> Unauthorized: You are not allowed to access  in this context
>
>
>
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev at zope.org
> http://mail.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope )
>
>




More information about the Zope-Dev mailing list