[Zope3-Users] xmlrpc access with PAU

C. H. c at kikazi.com
Fri Aug 17 21:46:13 EDT 2007 


I'm having difficulty accessing zope 3 objects using xmlrpc in my  
application, so
I've gone back into the 22auth example of Phillip von Weitershausen's  
excellent book and
made some simple modifications to elucidate my question in a simple  
environment
which I describe here:

created a zope 3 instance
    created a site named wcsite
       created a folder named rfolder
          created a recipe named r1
          created a recipe named r2

configured a PAU (at the wcsite level)
with
"No Challenge if Authenticated"
"Session Credentials"

created a Principal Folder named users

Access using a browser works fine. If I attempt to access an object  
that an unauthenticated
user has no access to, I'm presented with a login page and after  
logging in, I acquire and retain access
until I logout. That's good.

I modified Phillip's example python code worldcookery/xmlrpc/ 
recipe.py to authenticate using
a user=u1 and password=p1 (or so I think, hence my problem). That  
program is shown below.

To test:
First, in a browser I log in a manager and I edit the wcsite roles  
and permissions to grant the Site Manager role to All Users.

then run
displayandedit.py http://sasa.local:8080/wcsite/rfolder/r1

This works fine, so I'm able to locate and access and edit the recipe  
data

Next, (using a browser and logged in as the site manager)
I edit the wcsite roles and permissions to UNSET the Site Manager  
role to All Users and
grant  the "Visitor of the WorldCookery website" role to All Users.
Further, I edit wcsite/rfolder/r1 to grant the Site Manager role to  
user u1
So, the user r1 can read everything on the site but can only edit  
wcsite/rfolder/r1

Now, I rerun displayandedit.py http://sasa.local:8080/wcsite/rfolder/r1
and get an Unauthorized error:
xmlrpclib.ProtocolError: <ProtocolError for sasa.local:8080/wcsite/ 
rfolder/r1: 401 Unauthorized>

It is my belief that I should be able to provide xmlrpc access to the  
r1 user in the recipe.py code
but I can't figure out how. Can someone peruse the code below and  
suggest to me the
appropriate technique? The edit method is the one that I modified to  
attempt to provide access.
Thanks in advance.

=================Sample worldcookery/xmlrpc/recipe.py==================
import time
import xmlrpclib
from zope.schema import getFields
from zope.dublincore.interfaces import IZopeDublinCore
from zope.app.publisher.xmlrpc import XMLRPCView
from zope.component import getUtility
from zope.app.security.interfaces import IAuthentication
from zope.app.authentication.interfaces import IPluggableAuthentication

from worldcookery.interfaces import IRecipe

def to_unicode(string):
     if isinstance(string, unicode):
         return string
     return string.decode('utf-8')

class RecipeView(XMLRPCView):

     def info(self):
         return dict((field, getattr(self.context, field))
                     for field in getFields(IRecipe)
                     if field not in ('__parent__', '__name__'))

     def dublincore_info(self):
         dc = IZopeDublinCore(self.context)
         info = dict((field, getattr(dc, field))
                     for field in getFields(IZopeDublinCore))
         for name in ('effective', 'created', 'expires', 'modified'):
             if info[name]:
                 epochtime = time.mktime(info[name].timetuple())
                 info[name] = xmlrpclib.DateTime(epochtime)
             else:
                 info[name] = ''
         return info

     def edit(self, info, user, password):

         edit_return = ""
         pau = getUtility(IAuthentication)
         #
         # make sure there is an authentication utility
         #
         if not IPluggableAuthentication.providedBy(pau):
             edit_return = "# ERROR: No Pluggable Authentication  
Utility instance."
             return edit_return
         else:
             edit_return = "\n" +  "# found a Pluggable  
Authentication Utility instace named " + pau.__name__
         #
         # get the authenticator plugin and authenticate credentials
         #
         for name, plugin in pau.getAuthenticatorPlugins():
             auth_creds =  plugin.authenticateCredentials({'login':  
user, 'password': password})
             edit_return = edit_return + "\n#    authenticated user:"  
+ auth_creds.login + " title:" + auth_creds.title

         context = self.context
         context.name = to_unicode(info['name'])
         context.ingredients = \
             [to_unicode(ingr) for ingr in info['ingredients']]
         context.tools = [to_unicode(tool) for tool in info['tools']]
         context.time_to_cook = info['time_to_cook']
         context.description = to_unicode(info['description'])

         edit_return = edit_return + "\n" +  "# Object updated  
successfully"
         return edit_return

More information about the Zope3-users mailing list