[Zope] dummy class security problem

magnus/Websys@websys.no magnus/Websys@websys.no
Wed, 7 Mar 2001 16:46:33 +0100


This is from one of the dtml-tree HOWTOs on zope.org.  It doesn't work with 
the new security mechanism.  When I test it I get the traceback at the bottom 
of the mail.  Any suggestions for making the 'name' property of 
_dummy 'public' to Zope?

-- From the HOWTO:

ExternalMethods/PythonMethods

A simple example
notes to self tree doesn't set sequence-item - also doesn't support 'mapping'. 
can't be used from pythonmethods, then.. can't create classes in PMs (?) 

class _dummy:
    def __init__(self, name):
        self.name=name

def child_lookup(parent):
    c = []
    for i in range(0,5):
        c.append(_dummy("%s.%d"%(parent, i)))
    return c


The DTML Method
<dtml-let name="0">
<dtml-tree id=name branches_expr="child_lookup(parent=name)">
 <b><dtml-var name></b>
</dtml-tree>
</dtml-let>

This, with a couple of nodes expanded, looks something like ..
 
-- Traceback

Zope Error
Zope has encountered an error while publishing this resource. 

Unauthorized

Sorry, a Zope error occurred.

Traceback (innermost last):
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/ZPublisher/Publish.py, line 
222, in publish_module
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/ZPublisher/Publish.py, line 
187, in publish
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/ZPublisher/Publish.py, line 
171, in publish
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/ZPublisher/mapply.py, line 
160, in mapply
    (Object: test_child)
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/ZPublisher/Publish.py, line 
112, in call_object
    (Object: test_child)
  File /usr/local/zope/lib/python/OFS/DTMLMethod.py, line 189, in __call__
    (Object: test_child)
  File /usr/local/Zope-2.3.0-linux2-
x86/lib/python/DocumentTemplate/DT_String.py, line 538, in __call__
    (Object: test_child)
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/DocumentTemplate/DT_Let.py, 
line 147, in render
    (Object: name="0")
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/TreeDisplay/TreeTag.py, 
line 154, in render
    (Object: a tree tag)
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/TreeDisplay/TreeTag.py, 
line 260, in tpRender
    (Object: Traversable)
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/TreeDisplay/TreeTag.py, 
line 514, in tpRenderTABLE
    (Object: Traversable)
    (Info: (['AAAAAAAAIEk=', []], 
{'childless_decoration': '', 'id': 'name', 'branches_expr': <method Eval.eval 
of Eval instance at 8a998f8>, 'url': 'tpURL'}, [['AAAAAAAAIEk=', []]], 
[['AAAAAAAAIEk=', []]]))
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/TreeDisplay/TreeTag.py, 
line 315, in tpRenderTABLE
  File /usr/local/Zope-2.3.0-linux2-x86/lib/python/DocumentTemplate/VSEval.py, 
line 202, in eval
    (Object: child_lookup(parent=name))
  File /usr/local/zope/lib/python/OFS/DTMLMethod.py, line 261, in validate
    (Object: test_child)
  File /usr/local/Zope-2.3.0-linux2-
x86/lib/python/AccessControl/SecurityManager.py, line 144, in validate
  File /usr/local/Zope-2.3.0-linux2-
x86/lib/python/AccessControl/ZopeSecurityPolicy.py, line 168, in validate
Unauthorized: name