[Zope] Module security assertions fail
Dieter Maurer
dieter at handshake.de
Sat May 1 14:46:27 EDT 2004
Josef Albert Meile wrote at 2004-5-1 17:31 +0200:
> ...
>I have two packages "TranslationUtils" and "JMZPTMacros", which I want to
>use from a zope product. I have implemented the module and class security
>assertions as indicated on the Zope Developer's Gide, but I got always an
>Unauthorized error (see the traceback attached at the bottom of this
>message).
> ....
>----->Begin of MyInstanceHome/Products/JMUtils/TranslationUtils.py
>
>from AccessControl import ModuleSecurityInfo
>security=ModuleSecurityInfo()
>
>security.declarePublic('checkTranslationService')
> ...
> Module Products.PageTemplates.Expressions, line 340, in restrictedTraverse
> - __traceback_info__: {'path': ['Products', 'JMUtils',
>'TranslationUtils'], 'TraversalRequestNameStack': []}
>Unauthorized: You are not allowed to access 'TranslationUtils' in this
>context
"ModuleSecurityInfo" is really convoluted and difficult to grasp.
Try to replace:
security=ModuleSecurityInfo()
security.declarePublic('checkTranslationService')
by:
security=ModuleSecurityInfo('Products.JMUtils.TranslationUtils')
security.declarePublic('checkTranslationService')
If necessary, also add
ModuleSecurityInfo('Products').declarePublic('JMUtils')
ModuleSecurityInfo('Products.JMUtils').declarePublic('TranslationUtils')
Ensure that "TranslationUtils" is imported by your "__init__".
Otherwise, security declaration defined inside "TranslationUtils.py"
are not executed and therefore do not take effect.
--
Dieter
More information about the Zope
mailing list