[Zope] You are not allowed to access 'a particular str' in this
context
Dieter Maurer
dieter at handshake.de
Fri Jan 25 14:42:41 EST 2008
Gerhard Schmidt wrote at 2008-1-25 12:04 +0100:
>Dieter Maurer schrieb:
> ...
>> I expect that the "message" object implements a "__bobo_traverse__"
>> method (or gets one through "Five").
>> Zope is a bit stupid when "__bobo_traverse__" returns an object
>> without security declarations -- such as e.g. a string.
>> In this case, it insists that "getattr" must return the same object
>> and raise "Unauthorized" otherwise.
>
>Time 2008/01/25 12:01:53.125 GMT+1
>User Name (User Id) DC83D1F1DB88CDE8 (DC83D1F1DB88CDE8)
>Request URL http://devportal:6080/portal_communications/manage_messagequeue
>Exception Type Unauthorized
>Exception Value You are not allowed to access 'a particular str' in
>this context
> ...
> - __traceback_info__: message
> Module Products.PageTemplates.Expressions, line 338, in restrictedTraverse
> - __traceback_info__: {'path': ['ID'], 'TraversalRequestNameStack': []}
>Unauthorized: You are not allowed to access 'a particular str' in this
>context
This may be compatible with my assumption.
Check line 338 in "Products/PageTemplates/Expressions.py".
When this line is in the block handling the "__bobo_traverse__",
then you have confirmed my assumption.
In this case, you must either get rid of the message's "__bobo_traverse__"
or let it return an object with security declarations (such
as an "str" wrapper with an "__allow_access_to_unprotected_subobjects__=1"
and "__roles__=None") or ensure that a "getattr" results in the same
str or fix Zope.
--
Dieter
More information about the Zope
mailing list