[Zope] You are not allowed to access 'a particular str' in this context

Garito garito at sistes.net
Sat Jan 26 07:37:15 EST 2008


Hi!
I don't understand quite well this explanation but it interest me a lot (as
you can read if you search for my all questions about __bobo_traverse__)
do it need I put the __allow_access_to_unprotected_subobjects__=1 in the
__bobo_traverse__ or in other place?

I my last try to solve this issue in my case I try the __roles__ = None but
this was an uncomplete solution

Please can you complete my information?

Thanks!

2008/1/25, Dieter Maurer <dieter at handshake.de>:
>
> Gerhard Schmidt wrote at 2008-1-25 12:04 +0100:
> >Dieter Maurer schrieb:
> > ...
> >> I expect that the "message" object implements a "__bobo_traverse__"
> >> method (or gets one through "Five").
> >> Zope is a bit stupid when "__bobo_traverse__" returns an object
> >> without security declarations -- such as e.g. a string.
> >> In this case, it insists that "getattr" must return the same object
> >> and raise "Unauthorized" otherwise.
> >
> >Time   2008/01/25 12:01:53.125 GMT+1
> >User Name (User Id)    DC83D1F1DB88CDE8 (DC83D1F1DB88CDE8)
> >Request URL
> http://devportal:6080/portal_communications/manage_messagequeue
> >Exception Type         Unauthorized
> >Exception Value        You are not allowed to access 'a particular str'
> in
> >this context
> > ...
> >   - __traceback_info__: message
> >  Module Products.PageTemplates.Expressions, line 338, in
> restrictedTraverse
> >   - __traceback_info__: {'path': ['ID'], 'TraversalRequestNameStack':
> []}
> >Unauthorized: You are not allowed to access 'a particular str' in this
> >context
>
> This may be compatible with my assumption.
>
> Check line 338 in "Products/PageTemplates/Expressions.py".
> When this line is in the block handling the "__bobo_traverse__",
> then you have confirmed my assumption.
>
>
> In this case, you must either get rid of the message's "__bobo_traverse__"
> or let it return an object with security declarations (such
> as an "str" wrapper with an "__allow_access_to_unprotected_subobjects__=1"
> and "__roles__=None") or ensure that a "getattr" results in the same
> str or fix Zope.
>
>
> --
> Dieter
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
> http://mail.zope.org/mailman/listinfo/zope-announce
> http://mail.zope.org/mailman/listinfo/zope-dev )
>



-- 
Mis Cosas
http://blogs.sistes.net/Garito
Zope Smart Manager
http://blogs.sistes.net/Garito/670
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope/attachments/20080126/6f4cc0fb/attachment.htm


More information about the Zope mailing list