[Zope] Problem with passing objects from External Methods

Karl Anderson karl@digicool.com
11 Apr 2001 12:07:39 -0700


Looks to me like the Zope security machinery is refusing to publish
the attribute "data" because the container, an element instance, isn't
telling Zope that this is allowable.

Chris suggested a solution which involves using the Zope security
helper functions to turn this container into something that works with
Zope security, and if you're storing or keeping this container after
passthis returns it, or you want to do any access control with it, I'd
agree with him.

Looking at ZopeSecurityPolicy.py where your exception was thrown,
however, it seems that this exception would have been avoided if you
make a simple change to the container.  Either give it
an __allow_access_to_unprotected_subobjects__ attribute with a value
of 1, or use a dict instead of a class instance.

Why?  The throw occurs on line 168 because p isn't true.  p will be an
int if its container (the element instance in your code) is a list,
dict, or tuple (line 153).  Otherwise, p will be true if the container
has an int __allow_access... attribute which is true (or if that
attribute is another type, but I'd suggest real permissions first).

Obscure, but there it is.  I learned about this when trying to figure
out a different obscure access situation :(

What I don't understand is that these checks seem to occur even if the
container supplies or acquires a __roles__ attribute.

Jason Joy <kyroraz@usa.net> writes:

> This one has been driving me a bit crazy and I think there is a simple
> solution to this.  I have written an external method to return a list of
> objects back to a DTML method which executes the code via a dtml-in.
> 
> The dtml code looks like:
> 
> <dtml-in processMethod(passthis)>
> <dtml-var sequence-index><dtml-var data><BR>
> </dtml-in>
> 
> And this is passthis.py:
> 
> import string, regex
> 
> def passthis(passed):
>    class element:
>       pass
>    info = []
>    structures = string.split(passed)
>    for structure in structures:
>       bit = element()
>       ## Get Information here, and store it in foo.
>       bit.data = foo
>       bit.source = structure
>       info.append(bit)
>    return(info)
> 
> ---
> 
> When I run the code, I get a box that asks me to revalidate my Zope login and
> nothing works, finally, the system gives up and gives me an error with this at
> the bottom:
> 
> File /usr/local/Zope-2.3.0/lib/python/AccessControl/ZopeSecurityPolicy.py,
> line 168, in validate
> Unauthorized: data
> 
> Does anyone have any advice on this one?  This is an example of what I am
> doing and I need to pass a list of objects (with about 10 properties on each)
> to be run through a dtml-in.
> 
> Thanks,
> 
> Jason

-- 
Karl Anderson                          karl@digicool.com
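
The two container changes suggested in the reply, as an added example that is not part of the original thread and not Zope's code. It runs against a simplified model of the check as the reply describes it; `model_validate`, `build`, `readable`, the local `Unauthorized` class and the sample field values are assumptions made for illustration, and the syntax is modern Python rather than the Python of Zope 2.3.

```python
# Simplified model of the container check described in the reply above.
# Not Zope's ZopeSecurityPolicy code; Unauthorized is a local stand-in.
ALLOW = "__allow_access_to_unprotected_subobjects__"


class Unauthorized(Exception):
    pass


def model_validate(container, name):
    """Raise Unauthorized unless the container lets `name` be read."""
    if isinstance(container, (list, dict, tuple)):
        p = 1  # simple containers pass
    else:
        p = getattr(container, ALLOW, None)
        if not isinstance(p, int):
            p = 0  # missing, or a non-int form this model does not cover
    if not p:
        raise Unauthorized(name)
    return True


class Element:  # as in passthis.py: no security declaration
    pass


class OpenElement:  # first suggested change
    __allow_access_to_unprotected_subobjects__ = 1


def build(passed, kind):
    """Like passthis(): one record per whitespace-separated token."""
    info = []
    for structure in passed.split():
        fields = {"data": structure.upper(), "source": structure}  # constructed
        if kind is dict:  # second suggested change
            info.append(fields)
        else:
            bit = kind()
            bit.__dict__.update(fields)
            info.append(bit)
    return info


def readable(item, name="data"):
    try:
        return model_validate(item, name)
    except Unauthorized:
        return False


if __name__ == "__main__":
    for kind in (Element, OpenElement, dict):
        print(kind.__name__, [readable(i) for i in build("a b", kind)])
```

A flag value of 1 is not per-attribute: it covers every attribute on the instance that has no protection of its own, so it suits short-lived records that hold only display data.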