[Zope] Product Creation and Permission
Jason Joy
kyroraz@usa.net
3 May 2001 12:13:29 MST
I started working on this the other day and posted some questions regardi=
ng
this, and I apologize ahead of time for the length of this message, but t=
his
has me absolutely baffled and if anyone can offer some insight into Zope'=
s
ObjectManger and how it works in regards to this, it would be extremely
appreciated.
I am constructing a product that is basically in essence a SQL-Zclass, wh=
ere
you can manipulate SQL in a Object Manager. I have two classes, A and B,=
where B works off of A.
So, after you create a instance of A in Zope (in a folder or such), it ap=
pears
=2E. and then you click on it, it brings up a management screen (assuming=
that
we're allowable to do such) that runs a SQL command that displays the res=
ults
as "objects" in the instance of A. These instances displayed in A are re=
lated
to B. Clicking on one of these new instances of B should bring up a list=
of
further related objects contained in B (in the SQL database) and allow yo=
u to
manage objects C, D, E... etc. The problem that I am getting is A works =
fine,
and shows the objects of B contained within. However, when I click on on=
e of
these in the management screen, I get a request to login again, and I can=
never enter in a correct authentication despite having full privledges to=
this
Zope server, and after three tries, I am dropped to a Unauthorized screen=
saying that Username and Password are not correct.
Can anyone shed any light on this issue? Is there something I am missing=
,
some class that I am not inheriting that's allowing Zope access to it's
authentication methods? Or is what I am doing just plain impossible in Z=
ope? =
I have included examples of what I am trying to do below and apologize fo=
r the
length of this message.
Jason
A:
import Globals
from Globals import Persistent, Acquisition
import AccessControl
import OFS
from B import *
from pg import DB
from AccessControl import ClassSecurityInfo
from Acquisition import Implicit
__allow_access_to_unprotected_subobjects__ =3D 1
class objectChunk(Implicit):
security =3D ClassSecurityInfo()
security.declareObjectPublic()
security.setDefaultAccess('allow')
security.__allow_access_to_unprotected_subobjects__ =3D 1
def SQLquery(query):
db =3D "zope"
server =3D "192.168.1.1"
port =3D 5432
sqluser =3D "zope"
sqlpassword =3D "********"
data =3D []
if query[0:6] =3D=3D "SELECT":
for output in
DB(db,server,port,'',sqluser,sqlpassword).query(query).dictresult():
result =3D objectChunk()
masterkeys =3D output.keys()
for key in masterkeys:
f =3D setattr(result, key, output[key])
data.append(result)
else:
SQLOUTPUT =3D DB(db,server,port,'',sqluser,sqlpassword).query(query)
return (data)
def manage_addA(self,id,name,description,REQUEST=3DNone):
obja =3D A(id,name,description)
self._setObject(id, obja)
if REQUEST is not None:
return self.manage_main(self, REQUEST)
manage_addAForm =3D Globals.HTMLFile('dtml/add_obja', globals())
class A(
OFS.ObjectManager.ObjectManager,
OFS.PropertyManager.PropertyManager,
Acquisition.Implicit,
Persistent,
AccessControl.Role.RoleManager,
OFS.SimpleItem.Item,
):
=
a=3D()
manage_options=3D(
{'label':'Properties', 'action':'manage_main'},
{'label':'View', 'action':''},
) + OFS.SimpleItem.SimpleItem.manage_options
meta_type =3D 'Product'
index_html =3D Globals.HTMLFile("dtml/obja", globals())
#manage_main =3D Globals.HTMLFile("dtml/edit_obja", globals())
def __init__(self, id, name,description):
=
self.id =3D id
self.name =3D name
self.desc =3D description
=
=
def objectItems(self):
objQUERY =3D "SELECT * FROM B WHERE dgid =3D '" + self.id + "'"
QUERYRESULT =3D []
QUERYRESULT =3D SQLquery(objQUERY) =
a =3D []
for objects in QUERYRESULT:
tp =3D
B(objects.id,objects.dgid,objects.obj_name,objects.obj_desc,objects.obj_c=
reator,objects.obj_created,objects.obj_moddate)
tpwrapper =3D [objects.id,tp]
a.append(tpwrapper)
return a =
=
def manage_beforeDelete(self,item,container):
QUERYSTRING =3D "DELETE FROM B WHERE dgid =3D '" + item.id + "'"
queryresult =3D SQLquery(QUERYSTRING)
def _getOb(self,id,dp=3D2):
__allow_access_to_unprotected_subobjects__ =3D 1
nextobject =3D
B(self.id,id,"name","desc","creater","createrdate","moddate") =
return nextobject
def _delObjects(self,id):
"This deletes the objects specified" =
print "In the _delObjects" =
def _delOb(self,id):
"This deletes the objects specified" =
SQLQUERY =3D "DELETE FROM B WHERE id =3D '" + id + "'"
INQUIRE =3D SQLquery(SQLQUERY)
Globals.default__class_init__(A)
Globals.default__class_init__(B)
Globals.InitializeClass(objectChunk)
B:
import Globals
from Globals import Persistent, Acquisition
import AccessControl
import OFS
from pg import DB
from AccessControl import ClassSecurityInfo
from Acquisition import Implicit
__ac_permissions__ =3D (
('View',
('index_html', '__getitem__', 'id', 'pageCount', 'getAllPages',
'getPage', 'navigationBar')),
('Management Screens',
('manage_main','manage_edit', 'manage_addPage', 'manage_editPage',
'manage_deletePages')),
('Anonymous','Anonymous'),
)
__allow_access_to_unprotected_subobjects__ =3D 1
class objectChunk(Implicit):
security =3D ClassSecurityInfo()
security.declareObjectPublic()
security.setDefaultAccess('allow')
security.__allow_access_to_unprotected_subobjects__ =3D 1
def SQLquery(query):
## change these when you change servers
db =3D "zope"
server =3D "192.168.1.1"
port =3D 5432
sqluser =3D "zope"
sqlpassword =3D "********"
data =3D []
if query[0:6] =3D=3D "SELECT":
for output in
DB(db,server,port,'',sqluser,sqlpassword).query(query).dictresult():
result =3D objectChunk()
masterkeys =3D output.keys()
for key in masterkeys:
f =3D setattr(result, key, output[key])
data.append(result)
else:
SQLOUTPUT =3D DB(db,server,port,'',sqluser,sqlpassword).query(query)
return (data)
def
manage_addB(self,dg_id,id,name,desc,creater,createrdate,moddate,REQUEST=3D=
None):
The argument 'self' will be bound to the parent Folder.
QUERYSTRING =3D "INSERT INTO C
(id,dgid,obj_name,obj_desc,obj_creator,obj_created,obj_moddate) VALUES
('"+id+"','"+dg_id+"','"+name+"','"+desc+"','"+creater+"','"+createrdate+=
"','"+moddate+"')"
print QUERYSTRING
SQLRETURN =3D SQLquery(QUERYSTRING)
if REQUEST is not None:
return self.manage_main(self, REQUEST)
manage_addTopicForm =3D Globals.HTMLFile('dtml/add_obj', globals())
class B(
OFS.ObjectManager.ObjectManager,
OFS.PropertyManager.PropertyManager, =
Acquisition.Implicit,
Persistent,
AccessControl.Role.RoleManager,
OFS.SimpleItem.Item,
):
__ac_permissions__ =3D (
('Change Management',
('manage_main','manage_edit', 'manage_addPage', 'manage_editPage',
'index_html')),
)
a=3D()
security =3D ClassSecurityInfo()
security.declareObjectPublic()
##security.setDefaultAccess('allow')
security.__allow_access_to_unprotected_subobjects__ =3D 1
manage_workspace__roles__=3D('Manager','Anonymous',)
manage_options=3D(
{'label':'Properties', 'action':'manage_main'},
{'label':'View', 'action':''},
) + OFS.SimpleItem.SimpleItem.manage_options
=
meta_type =3D 'Product 2'
index_html =3D Globals.HTMLFile("dtml/obj", globals())
manage_main =3D Globals.HTMLFile("dtml/edit_obj", globals())
def __init__(self,dg_id,id,name,desc,creater,createrdate,moddate):
self.dg_id =3D dg_id =
self.id =3D id
self.name =3D name
self.desc =3D desc
self.creater =3D creater
self.createdate =3D createrdate
self.moddate =3D moddate
__allow_access_to_unprotected_subobjects__ =3D 1
manage_workspace__roles__=3D('Manager','Anonymous',)
def objectItems(self):
print "In the objectItems method of Tp"
objQUERY =3D "SELECT * FROM B WHERE dgid =3D '" + self.id + "'"
QUERYRESULT =3D []
QUERYRESULT =3D SQLquery(objQUERY)
a =3D []
for objects in QUERYRESULT:
tp =3D
B(objects.id,objects.dgid,objects.obj_name,objects.obj_desc,objects.obj_c=
reator,objects.obj_created,objects.obj_moddate)
tpwrapper =3D [objects.id,tp]
a.append(tpwrapper)
return a
Globals.InitializeClass(objectChunk)
____________________________________________________________________
Get free email and a permanent address at http://www.netaddress.com/?N=3D=
1