[Zope] 2.6.3/product/security/PageTemplateFile problem

Dieter Maurer dieter at handshake.de
Fri Jan 23 15:42:50 EST 2004


Siegmund Fuhringer wrote at 2004-1-23 14:42 +0100:
>i have a "small" problem with PageTemplateFiles i use in products.
>the problem is, that none of my products which worked fine under zope <=
>2.6.2 are working under 2.6.3/2.7.0-rc1.
>
>i always get "You are not allowed to access '' in this context" when i
>try to access a PageTemplateFile, even if i declare them public. normal
>methods are still working correct.
>
>these are the lines, where the problem(s) must be:
>
>...
>__roles__   = ( )
>security    = ClassSecurityInfo( )
>security.setDefaultAccess( 'deny' )
>...
>security.declarePublic( 'index_html' )
>index_html  = PageTemplateFile( 'ZPT/index_html.zpt', globals( ) )
>...
>
>
>any idea what i'm doing wrong?

Your PageTemplate is not allowed to access its "container".
Up to the 2.6.3 security enhancements, this was not a problem.
Now, binding "container" raises an "Unauthorized".

You can either wait for the next Zope release (binding will then
be possible again) or remove "container" for your PageTemplate's
binding.
You will need to look at the "Shared.DC.Scripts.Bindings.Bindings"
to find out how to modify bindings for a "PageTemplateFile".

-- 
Dieter



More information about the Zope mailing list