[Zope] Security Guru Question

Alan Runyan runyaga@runyaga.com
Wed, 15 Jan 2003 08:47:58 -0600


I am cross posting this since it is relevant to exUserFolder.
On my objects that are below the exUserFolder I
have a modified get_valid_userids which is the same
thing w/o the aq_base.  It seems to work just fine.
The problem is I'm using exUserFolder w/ my own
Authentication Source and really don't have time to
rewrite anything.

The problem is, of course now I have to track
changes to get_valid_userids() ... *sigh*  oh well.
I have run out of time/$$$ for this project and
this one thing took me several hours.  I could
imagine less experienced people giving up.

NOTE: before you give up.. ask the mailing list.
or #zope

for exUserFolder users they can read below on
my dilemma because I would imagine someone
having the same problem.  (They want to
share Database connections across many exUserFolder
instances)

thanks Stefan for your reply.

cheers,
~runyaga


----- Original Message -----
From: "Stefan H. Holek" <stefan@epy.co.at>
To: "Alan Runyan" <runyaga@runyaga.com>
Cc: <zope@zope.org>
Sent: Wednesday, January 15, 2003 3:36 AM
Subject: Re: [Zope] Security Guru Question


> Alan!
>
> I have been developing a user folder that requires the REQUEST to be
> acquireable at all times. I hit the very same wall wrt local roles screens.
> Issue seems to be that 'user_names' is called on an unwrapped 'acl_users'.
>
> Just like you I figured that it is probably not a good idea to remove the
> call to 'aq_base'. My solution was to rewrap 'user_names' right before
> calling it.
>
>
> --- Role.py     Thu Oct 17 19:14:50 2002
> +++ Role.py     Thu Oct 17 19:37:35 2002
> @@ -312,6 +312,7 @@
>                  if mlu < 0: raise OverflowError
>                  un =3D getattr(aclu, 'user_names', _notfound)
>                  if un is not _notfound:
> +                    un =3D aclu.__of__(item).user_names   # rewrap
>                      unl =3D un()
>                      # maxlistusers of 0 is list all
>                      if len(unl) > mlu and mlu !=3D 0:
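Review bot: the `# rewrap` comment on the added line does not explain why the wrapper is restored, and that matters because `aclu` is fetched unwrapped on purpose. I would expand it to say that `aclu.__of__(item)` puts the user folder back in the context of `item` only for the `user_names` call, so a user folder that acquires things such as REQUEST can reach them. Keeping the `getattr(aclu, 'user_names', _notfound)` test on the unwrapped object is right, since running that test on the rewrapped object could pick up an acquired `user_names`; a short comment saying so would stop someone from later merging the two lines.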
>
>
> HTH,
> Stefan
>
>
>
> --On Wednesday, 15 January 2003 00:25 -0600 Alan Runyan
> <runyaga@runyaga.com> wrote:
>
> > It's inside of AccessControl/Role.py in get_valid_userids()
> >
> > I have an object hierarchy like:
> >
> > Zope Root -> MyApp -> Company -> Business Units
> >
> > in My App I have a PsycoPG connection object called my_users
> > and in all Companies I have an exUserFolder.
> >
> > now when I go to a Company or Business Unit and try to
> > assign/edit/list Local roles it bombs.  Because exUserFolder
> > can't find the 'my_users' connection object.  Why?  Well
> > I know why..
> >
> > because when the xxxLocalRoles screens are called they
> > call get_valid_userids which at the top says:
> > aclu = getattr(aq_base(item), 'acl_users', _notfound)
> >
> > and immediately aclu has all acquisition wrappers peeled off
> > of it and now I can not go any further up the hierarchy than
> > Company.
> >
> > I am very tempted to take the aq_base(item) part off..and
> > I believe all will work... But I really need someone who
> > understands the implications of this to say what's the best
> > way forward.  I was thinking about overriding this method
> > in my Company/Business Unit classes with a version that
> > doesn't have aq_base().
>
> --
> Those who write software only for pay should go hurt some other field.
> /Erik Naggum/
>
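
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Zope code: a simplified pure-Python model of acquisition wrappers. The `Node`, `Wrapper`, `UserFolder` and `Connection` classes and the `rewrap` flag are assumptions made for illustration; only `aq_base`, `__of__`, `acl_users`, `user_names`, `my_users` and `_notfound` come from the messages above. It shows that the `aq_base()` lookup finds only an object's own `acl_users`, that the unwrapped folder cannot reach `my_users`, and that `__of__` restores the context.

```python
import types

_notfound = object()

class Wrapper:
    """Model of an acquisition wrapper: an object seen in the context of a parent."""
    def __init__(self, obj, parent):
        self._obj, self._parent = obj, parent
    def __getattr__(self, name):                     # only reached when normal lookup fails
        if name.startswith('_'):
            raise AttributeError(name)
        attr = getattr(type(self._obj), name, _notfound)
        if isinstance(attr, types.FunctionType):
            return types.MethodType(attr, self)      # methods run with the wrapper as self
        if name in vars(self._obj):
            child = vars(self._obj)[name]
            return child.__of__(self) if hasattr(child, '__of__') else child
        return getattr(self._parent, name)           # acquire from the context

class Node:
    """Hypothetical container object that can be placed in a context."""
    def __init__(self, **children):
        self.__dict__.update(children)
    def __of__(self, parent):
        return Wrapper(self, parent)

def aq_base(obj):
    """Peel off every wrapper, as the thread describes."""
    while isinstance(obj, Wrapper):
        obj = obj._obj
    return obj

class Connection:                                    # stands in for the 'my_users' connection
    def query(self):
        return ['alan', 'stefan']                    # constructed sample data

class UserFolder(Node):
    def user_names(self):
        return self.my_users.query()                 # needs something acquired from above

def get_valid_userids(item, rewrap):
    """Model of the two quoted lines only, not the real Role.py method."""
    aclu = getattr(aq_base(item), 'acl_users', _notfound)   # own folder only, unwrapped
    if aclu is _notfound:
        return None
    if rewrap:
        aclu = aclu.__of__(item)                     # same effect as the rewrap in the patch
    return aclu.user_names()

APP = Node(my_users=Connection())                    # MyApp holds the connection
COMPANY = Node(acl_users=UserFolder(), unit=Node())  # Company owns the user folder
ITEM = COMPANY.__of__(APP)                           # Company in the context of MyApp
```

With `rewrap=False` the call raises `AttributeError` because the bare folder has no path to `my_users`; a business unit with no folder of its own yields `None` from the `aq_base()` lookup even though plain attribute access on the wrapped unit would acquire the company's folder.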