[Zope] read_raw() not allowed below root ?

Brian Lloyd brian@digicool.com
Wed, 20 Dec 2000 10:58:19 -0500


Didier -

read_raw() is an internal api that should never have
been exposed in the first place (as you've noticed,
that hole has since been closed up).

You probably want to use the 'document_src()' method,
which does what you want and is protected by the
'View management screens' permission.

Hope this helps!


Brian Lloyd        brian@digicool.com
Software Engineer  540.371.6909
Digital Creations  http://www.digicool.com




> -----Original Message-----
> From: zope-admin@zope.org [mailto:zope-admin@zope.org]On Behalf Of
> Didier Georgieff
> Sent: Wednesday, December 20, 2000 10:25 AM
> To: zope@zope.org
> Subject: [Zope] read_raw() not allowed below root ?
>
>
> Hello,
>
> I have a new problem wich i suspect is related with the weird
> things i didn't solved yet. I
> still don't found if it's a misunderstanding about new 2.2
> security (like setting a local
> role ONLY if you have this local role) or a real problem.
>
> I have a view_code method (stolen from Yihaw) wich basically look
> at code, properties,
> folders and print it.
>
> It was working like a charm under 2.1.6.
>
> Now on 2.2.4 (with the 12-08, 12-15a and 12-18 hotfix) and
> TransparentFolder 0.3:
>
> * I don't have access to read-raw() (Unauthorized traceback
> below) , even if i'm
> manager (and even on folders without local roles) and even with
> manager as proxy role
> for this method.
> * ownership is implicit
> * and i deleted the remaining "superuser" having a local role on
> this method.
>
> Until i understand what is going on (a bug or a
> misunderstanding), i guess i'll (gently ;-)
> flood the list.
> I'm deeply sorry to post again, but i found no information on the
> archive (read_raw), the
> explanations on the new security model didn't ring a bell, so ....
>
> Thanks for any help or tip.
>
> Unauthorized
> You are not authorized to access read_raw.
> Traceback (innermost last):
>   File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 222,
> in publish_module
>   File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 187,
> in publish
>   File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 171,
> in publish
>   File /zope/2-2-2/lib/python/ZPublisher/mapply.py, line 160,
> in mapply
>     (Object: view_code)
>   File /zope/2-2-2/lib/python/ZPublisher/Publish.py, line 112,
> in call_object
>     (Object: view_code)
>   File /zope/2-2-2/lib/python/OFS/DTMLMethod.py, line 172, in
> __call__
>     (Object: view_code)
>   File /zope/2-2-2/lib/python/DocumentTemplate/DT_String.py,
> line 528, in __call__
>     (Object: view_code)
>   File /zope/2-2-2/lib/python/DocumentTemplate/DT_In.py, line
> 691, in renderwob
>     (Object: objectItems('DTML Method'))
>   File /zope/2-2-2/lib/python/DocumentTemplate/DT_Var.py, line
> 278, in render
>     (Object: read_raw())
>   File /zope/2-2-2/lib/python/DocumentTemplate/DT_Util.py,
> line 331, in eval
>     (Object: read_raw())
>     (Info: read_raw)
>   File /zope/2-2-2/lib/python/OFS/DTMLMethod.py, line 194, in
> validate
>     (Object: view_code)
>   File /zope/2-2-
> 2/lib/python/AccessControl/SecurityManager.py, line 139, in
> validate
>   File /zope/2-2-
> 2/lib/python/AccessControl/ZopeSecurityPolicy.py, line 183, in
> validate
> Unauthorized: (see above)
>
>
> --
> Didier Georgieff
> DDAF du Bas-Rhin - Cellule SIG
> 2, rue des Mineurs 67070 Strasbourg Cedex
> tél : 03.88.25.20.33 - fax : 03.88.25.20.01
> email : didier.georgieff@agriculture.gouv.fr
> SIT du Bas-Rhin : http://www.bas-rhin.sit.gouv.fr
> GéoWeb http://sertit10.u-strasbg.fr
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>
>