[Zope] Good Problem

Joseph Griffin jgriffin@pclnet.net
Mon, 30 Sep 2002 19:55:05 -0500 

Good Evening Everyone,
Please take a look at the code below. All code starting with a # resulted in
a security violation (not authorized) in line 7 of recs2lod(). Code starting
with an * worked. I stumbled onto the answer by sheer luck. Can anyone tell
me why? Thanks Joseph


def recs2lod(recset, names=None):
    names = names or recset.names()
    L = [ ]
    for rec in recset:
        D = {}
        for name in names:
            D[name] = rec[name]
        L.append(D)
    return (L)

def returninitials(studentname):
    import string
    L = string.split(studentname,',')
    first = string.strip(L[1])
    second = string.strip(L[0])
    return string.lower(first[0:1]) + string.lower(second[0:1])

def getmatches(recset):
    count = 0
    for item in range(len(recset)):
        initials = returninitials(recset[item]['name'])
        if initials == initials:
            count = count + 1
    return count

def postresults(recset):

    #Before
    #pledges = container.zsqlgetpledgebycode(studentid=recset[0]['id'])
    #passtozpt = recs2lod(pledges)

    *After
    *pledges =
container.zsqlgetpledgebycode(studentid=recset[0]['id']).dictionaries()
    *passtozpt = pledges
    for pledge in passtozpt:
        if pledge['paid'] == 0:
            pledge['paid'] = 'No'
        else:
            pledge['paid'] = 'Yes'
        if pledge['check'] == 0:
            pledge['check'] = 'No'
        else:
            pledge['check'] = 'Yes'
    return passtozpt

#Before
#recset =
container.zsqlselectbybirthday(month=birthmonth,day=birthday,year=birthyear)
#hits=recs2lod(recset)

*After
*recset =
container.zsqlselectbybirthday(month=birthmonth,day=birthday,year=birthyear)
.dictionaries()
*hits=recset

finalhits = getmatches(recset) # Better be equal to 1!
if finalhits == 1:
    fccheck =
container.getFamilyCode(studentid=hits[0]['id']).dictionaries()
    if int(familycode) == fccheck[0]['familycode']:
        pledges=postresults(recset)
        return container.ShowRequestedPledges(pledges=pledges)
elif finalhits == 0:
    return container.ShowErrorMessage(errormsg='Your Input Did Not Match Any
Student in the Database. Please Try Again.')
elif finalhits > 1:
    return container.ShowErrorMessage(errormsg='Your Input resulted in
multiple matches in the student database. Please send email with your
student''s name to: jgriffin@pclnet.net')
else:
    pass