[Zope] please take a look at this, it's probably really easy, but I'm totally stuck

Jacob Singh jacob@prisonbooks.org
Wed, 21 Nov 2001 13:56:42 -0500 

Thankx for the help, but I can't get around the permissions issue now.
indStory is located in the root and so is media, so basically it's going
restrictedTransverse(media/inline/asdasd.jpeg).  which is encouraging,
at least it's finding the file now, and I don't even have to convert the
string, but I still can't get around the security issue.

-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of
Oliver Bleutgen
Sent: Wednesday, November 21, 2001 12:54 PM
To: zope@zope.org
Subject: Re: [Zope] please take a look at this, it's probably really
easy, but I'm totally stuck

Jacob Singh wrote:

> So here is my tragedy:
> I have an SQL query which pulls a record from a database.  One of the
> fields is called file1.  It contains a path to a file (i.e.
> media/inline/asdasd.jpeg).  This file is accessible through LocalFS.
> LocalFS requires a syntax like media['inline']['asdasd.jpg'], so I
wrote
> a script to convert the Unix style path to something LocalFS can
> understand.  This works fine.  Here is the code I use in my DTML doc
to
> render asdasd.jpg:
> 
> <dtml-call expr="REQUEST.set('imgpath',makeLocalFSPath(file1))">
> <dtml-var "_.getitem(imgpath,1)" null="_[media['none.gif']]">
> 
> The first line calls the pythinon script that will make the LocalFS
> path.  The second one endeavors to render the image using DTML's built
> in MIME to HTML technology which is necessary because using <IMG
> src=.....  would not give me the with and height and is bad practice
> anyway.  The null tag is just to shove that empty image marker in in
> case there is nothing in the field.  When I call the page it gets a
key
> error 
> Error Type: KeyError
> Error Value: media['inline']['asdasd.jpeg']
> 
> But if I put <dtml-var "media['inline']['asdasd.jpeg']"> in any
document
> in renders just fine.  So basically the variable value gets rendered,
> but since It's not a variable but an expression, Zope doesn't know
what
> to do.  Oh and I tried putting double quotes on imgpath via the
> makeLocalFSPath function to no avail.

Uhmm,
it seems to me that you are doing something like
imagepath = "media['inline']['asdasd.jpeg']"

If yes, then getitem(imagepath,1) can't work. There is no object named
media['inline'], there is an object with id "media" and it holds a 
subobject with id "inline". getitem() doesn't interpret the [] tokens,
it treats it as a string, while python doesinterpret them and do the 
right operation (object lookup) (that's why your <dtml-var "...">
works).
Fortunatly zope has a nice mechanism to to what you want, take a look
at the restrictedTraverse method, which should also work with LocalFS.
(ZMI online-help)
untested:
<dtml-var "restrictedTraverse(file1)">
should work in the context of the folder which contains "media".

cheers,
oliver


_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )