[Zope] Re: ZSyncer and Zope-2.8.0
Dieter Maurer
dieter at handshake.de
Sun Aug 14 03:18:07 EDT 2005
Simon Michael wrote at 2005-8-12 17:11 -0700:
> ...
We will switch to Zope 2.8.1 within the next 2 to 3 weeks.
As ZSyncer is a vital product for us, I will be forced to fix
any problem it may have with Zope 2.8.1 and I will report back.
Note, that we use a ZSyncer version which no longer uses XML-RPC
but "ZPublisher.Client" to make its remote requests.
When I remember right, Paul incorporated this change in some
recent "ZSyncer" version. Are you using a current version?
In that case, the problem is probably either
* "ZPublisher.Client" no longer passing authentication
info correctly (less likely -- almost surely nothing
was changed there)
* much more likely:
the "validateValue" in "Products.ZSyncer.ZSyncer.ZSyncer.call_"
no longer works.
def call_(self,request):
'''decode *request* and execute it.'''
method,args= loads(request)
m= getattr(self,method)
if not getSecurityManager().validateValue(m):
raise Unauthorized
....
Jim had to change parts of the permission system for Zope 2.8
to the effect that validation without name is no longer
possible. This means that "validateValue" must
try to get a name and there may be a bug in the name detection.
Try replacing "validateValue(m)" by
"validate(self, self, method, m)".
--
Dieter
More information about the Zope
mailing list