[Zope] Re: Little explanation

bruno modulix bruno at modulix.org
Thu Oct 14 03:34:50 EDT 2004


Tres Seaver wrote:
> bruno modulix wrote:
> 
>> Sébastien Vinot wrote:
>>
>>> Continuing to investigate my problem 
>>
>>
>>
>> Which is ?-)
>>
>>> I get now this error " You are not
>>> allowed to access 'aq_inner' in this context " for one specific user.
>>>  
>>> I've read that aq_inner is the acquisition system : how is it possible
>>> not to have rights on it ?
>>
>>
>>
>> UTSL !-)
>>
>> AFAIK, aq_self, aq_parent, aq_inner, etc, are under control of the 
>> security mechanism and are not accessible from the 'restricted' 
>> environment (scripts, ZPT, DTML etc.). You can only use 'em from 
>> Products or External Methods.
>>
> 
> Actually, the ZopeSecurity policy normally prohibits access from 
> untrusted code to any acquisition methods *except* 'aq_parent', 
> 'aq_inner', and 'aq_explicit' 

(some tests later...) You're right. I had a similar symptom with aq_self, 
and I wrongfully concluded that all aq_XXX methods were prohibited.

for i in range(100):
   print "I'll UTS myself before telling others to do so"

Is that ok ?-)

(snip)


> Try adding Shane Hathaway's VerboseSecurity product to your Zope (while 
> debugging such issues);  it often gives you many more clues to what 
> triggers an Unauthorized exception:
> 
>   http://hathawaymix.org/Software/VerboseSecurity
> 

Thanks for the tip.

-- 
Bruno Desthuilliers - Analyste-programmeur
bruno at modulix.org
www.modulix.com


