[Zope] Re: BeforeDeleteException and FTP "530 Unauthorized" messages
Joseph Kocherhans
jkocherhans at mac.com
Wed Mar 31 16:06:22 EST 2004

Well I've solved it for now. It smells hackish, but it seems to work
well, and it's simple. At least I didn't have to patch any ZServer code ;)

I created a new Exception class:

    from OFS.ObjectManager import BeforeDeleteException

    class Unauthorized(BeforeDeleteException): pass

and then raised this new Unauthorized exception in manage_beforeDelete if
the permission check fails:

    from AccessControl import getSecurityManager

    # Inside manage_beforeDelete: veto the delete unless the current
    # user holds the DeleteFiles permission on this object.
    user = getSecurityManager().getUser()
    if not user.has_permission(DeleteFiles, self):
        raise Unauthorized

This gives me the pretty "Insufficient Privileges" error in Plone and a
"530 Unauthorized" error via FTP if I'm not allowed to delete the file.
It also seems to abort the transaction if I'm trying to delete multiple
files TTW, which is exactly what I wanted. FTP deletion will go ahead
for any allowed files since it carries out deletions one at a time.
Somehow I doubt that all FTP clients handle folder deletion in the same
way, so we'll see how that pans out.

Hopefully things will be easier in Zope3. This thread seems to give some
hope anyhow.
http://mail.zope.org/pipermail/zope3-dev/2004-January/009298.html

Joseph Kocherhans wrote:
> I've just spent a few hours digging around in ZServer and friends. I
> haven't wrapped my head around everything, but the basic idea I get is
> that if a user is not allowed to delete objects from a container, then
> either an Unauthorized or Forbidden exception is raised (I'm still not
> able to tell which). This is then translated to its respective code
> (401 or 403) and set as the status of an Response object. Then, in
> FTPServer the 401 or 403 is returned to the ftp client as "530
> Unauthorized"
>
> I have a product that is using BeforeDeleteException to veto object
> deletion. I would expect that when I tried to delete the object via FTP
> that the ftp client would get "530 Unauthorized", but it gets nothing
> and the BeforeDeleteException is going uncaught.
>
> It seems to me that in ZServer the http response status is directly tied
> to the exception type (either Unauthorized or Forbidden.) Does anyone
> know how I might go about getting the ftp server to return "530 Unauthorized"
> if object deletion is vetoed with BeforeDeleteException? Or more
> specifically how a BeforeDeleteException could change the response
> status to 401 or 403 (which is more appropriate?) Also, is this a bug,
> or is there some reason the BeforeDeleteException goes uncaught?
>
> Any insight would be much appreciated.
>
> Thanks,
> joseph
>
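
A stand-alone model of the behaviour reported in the message above, added here as an example; it is not part of the original post and not Zope code. The classes are constructed stand-ins, the hook takes the user directly instead of calling getSecurityManager(), the lookup of the status from the exception class name is an assumption, and "250 OK" is a constructed success reply.

```python
# Constructed stand-ins for illustration; none of this is Zope's own code.
class BeforeDeleteException(Exception):
    """Stand-in for OFS.ObjectManager.BeforeDeleteException (a delete veto)."""

class Unauthorized(BeforeDeleteException):
    """The post's subclass: still a veto, but named Unauthorized."""

# Assumption: the response status is looked up from the exception class name.
STATUS_BY_NAME = {"Unauthorized": 401, "Forbidden": 403}

def http_status(exc):
    return STATUS_BY_NAME.get(type(exc).__name__, 500)

def ftp_reply(status):
    # The post says 401 and 403 reach the FTP client as "530 Unauthorized".
    return "530 Unauthorized" if status in (401, 403) else None

class Item:
    def __init__(self, name, may_delete):
        self.name, self.may_delete = name, set(may_delete)

    def manage_beforeDelete(self, user):  # simplified signature
        if user not in self.may_delete:   # the permission check from the post
            raise Unauthorized(self.name)

class Folder:
    def __init__(self, items):
        self.items = {item.name: item for item in items}

    def delete(self, names, user):
        snapshot = dict(self.items)  # one request is one transaction
        try:
            for name in names:
                self.items[name].manage_beforeDelete(user)
                del self.items[name]
        except BeforeDeleteException:
            self.items = snapshot    # a veto aborts the whole request
            raise

def request(folder, names, user):
    try:
        folder.delete(names, user)
        return 200
    except BeforeDeleteException as exc:
        return http_status(exc)

def ftp_session(folder, names, user):
    # FTP removes files one request at a time, so earlier deletes stick.
    codes = [request(folder, [name], user) for name in names]
    return ["250 OK" if c == 200 else ftp_reply(c) for c in codes]
```

A multi-file request that hits one veto leaves every file in place, while the same names sent one at a time remove the permitted files and return "530 Unauthorized" for the rest.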