[Zope] Re: Little explanation
bruno modulix
bruno at modulix.org
Thu Oct 14 03:34:50 EDT 2004
Tres Seaver wrote:
> bruno modulix wrote:
>
>> Sébastien Vinot wrote:
>>
>>> Continuing to investigate my problem
>>
>>
>>
>> Which is ?-)
>>
>>> I get now this error " You are not
>>> allowed to access 'aq_inner' in this context " for one specific user.
>>>
>>> I've read that aq_inner is the acquisition system : how is it possible
>>> not to have rights on it ?
>>
>>
>>
>> UTSL !-)
>>
>> AFAIK, aq_self, aq_parent, aq_inner, etc, are under control of the
>> security mechanism and are not accessible from the 'restricted'
>> environment (scripts, ZPT, DTML etc.). You can only use 'em from
>> Products or External Methods.
>>
>
> Actually, the ZopeSecurity policy normally prohibits access from
> untrusted code to any acquisition methods *except* 'aq_parent',
> 'aq_inner', and 'aq_explicit'
(some tests later...) You're right. I had a similar symptom with aq_self,
and I wrongfully concluded that all aq_XXX methods were prohibited.
for i in range(100):
    print "I'll UTS myself before telling others to do so"
Is that ok ?-)
(snip)
> Try adding Shane Hathaway's VerboseSecurity product to your Zope (while
> debugging such issues); it often gives you many more clues to what
> triggers an Unauthorized exception:
>
> http://hathawaymix.org/Software/VerboseSecurity
>
Thanks for the tip.
--
Bruno Desthuilliers - Analyste-programmeur
bruno at modulix.org
www.modulix.com