[Zope] 2.6.3/product/security/PageTemplateFile problem
Stuart Bishop
stuart.b at commonground.com.au
Fri Jan 23 19:20:54 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 24/01/2004, at 11:27 AM, robert rottermann wrote:
> Siegmund Fuhringer wrote:
>> i have a "small" problem with PageTemplateFiles i use in products.
>> the problem is, that none of my products which worked fine under zope
>> <=
>> 2.6.2 are working under 2.6.3/2.7.0-rc1.
>>
>> i always get "You are not allowed to access '' in this context" when i
>> try to access a PageTemplateFile, even if i declare them public.
>> normal
>> methods are still working correct.
>>
>> these are the lines, where the problem(s) must be:
>>
>> ...
>> __roles__ = ( )
>> security = ClassSecurityInfo( )
>> security.setDefaultAccess( 'deny' )
>> ...
>> security.declarePublic( 'index_html' )
>> index_html = PageTemplateFile( 'ZPT/index_html.zpt', globals( ) )
>> ...
>>
>>
>> any idea what i'm doing wrong?
> This is a known and solved problem. You have to download a version
> from CVS, or you have to wait for the next release.
This particular problem is not yet resolved. A temporary work
around is to use security.setDefaultAccess({'': 1}) instead of
security.setDefaultAccess('deny'). I have no idea if this workaround
is reopening the security holes these extra checks were supposed to
close.
- --
Stuart Bishop <stuart at stuartbishop.net>
http://www.stuartbishop.net/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (Darwin)
iD8DBQFAEbpuAfqZj7rGN0oRAvd5AKCN0+DsYzh6jY74CQrRheIZm55F3wCgmH52
MxAdKZAPPhOALN9/XoP07pY=
=fXgs
-----END PGP SIGNATURE-----
More information about the Zope
mailing list