[Zope-dev] Security validation issue
Herman Geldenhuys
hgeldenhuys at gims.com
Wed Jan 28 09:59:44 EST 2004
I've written a Zope product that exposes a "MenuItem". I add a menuItem in a Zope folder, and I have no difficulty accessing and editing it via the ZMI. I've written an xml-rpc-like protocol for Zope, that basically validates the security "manually".
This menuItem has an attribute called "def getVersion(self):" which returns an int.
This is the Code that prevents me from accessing the method in python, via my protocol:
if not AccessControl.getSecurityManager().validate(None, object, attributes[-1]):
raise UnauthorisedAccessException('Unauthorised: ' + originalAddress)
object = <bound method HWMenuItem.getVersion of <HWMenuItem instance at 01B7B290>>
This is the method getVersion
attributes[-1] = "getVersion" (string)
UnauthorisedAccessException: Unauthorised: menus.administration.addUser.getVersion
This code works for any other default Zope type, but not mine. Did I perhaps forgot a permission or something?
I can access this fine via the ZMI, but when I validate it this way, python just starts cursing at me.
Can somebody help?
Thanks
H
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope-dev/attachments/20040128/48b6c9ac/attachment-0001.html
More information about the Zope-Dev
mailing list