[Zope3-Users] Need help with a Five / Viewlet Configuration Problem
kevin gill
kevin at movieextras.ie
Tue Feb 24 04:14:17 EST 2009
It turned out that the problem was the viewlet manager. It was using the
zope.viewlet.manager instead of the Five.viewlet.manager baseclasses. Once
I changed the viewlet manager it worked fine.
Kevin
> I am getting a ForbiddenAttribute error on 'render' when I try to display
> a viewlet in my Zope2 application.
>
> I am running zope 2.11.2 + Five. I am currently working on integrating
> grok + z3c.form into our stack.
>
> I have security a problem configuring the
> z3c.formjs.interfaces.IDynamicJavaScript viewlet.
>
> The viewlet configuration (in z3c.formjs) seems standard...
>
> <browser:viewlet
> name="z3c.formjs.subscriptions"
> manager=".interfaces.IDynamicJavaScript"
> view="z3c.formjs.interfaces.IHaveJSSubscriptions"
> class="z3c.formjs.jsevent.JSSubscriptionsViewlet"
> permission="zope.Public"
> layer="z3c.form.interfaces.IFormLayer"
> />
>
> The viewlet is very standard.
>
> When I run the system, the viewlet is wrapped using the
> Products.Five.viewlet.metaconfigure functionality to provide a wrapped
> viewlet.
>
> However, when I run the application, I get this error...
>
> Module zope.viewlet.manager, line 107, in update
> Module zope.viewlet.manager, line 85, in filter
> Module zope.security.checker, line 134, in canAccess
> ForbiddenAttribute: ('render',
> <Products.Five.viewlet.metaconfigure.JSSubscriptionsViewlet object at
> 0x84c0410>)
>
> It appears to me that, at runtime, an incorrect 'checker' is being picked
> up. I believe that I should be seeing a call to
> Products/Five/security.py:checkPermission, but I believe I am picking up a
> different checker.
>
> I cannot seem to debug the checker, even though I set
> security-policy-implementation python in the zope.conf.
>
> Other (possibly) relevant information...
>
> (Pdb) adapter.__class__
> <class 'Products.Five.viewlet.metaconfigure.JSSubscriptionsViewlet'>
>
> (Pdb) from Products.Five.security import getSecurityInfo
> (Pdb) getSecurityInfo(adapter.__class__)
> {'render__roles__': None, 'update__roles__': None, '__roles__': None,
> '__ac_permissions__': ()}
>
> (Pdb) from zope.security.management import thread_local
> (Pdb) thread_local.interaction
> <Products.Five.security.FiveSecurityPolicy object at 0x84c0650>
>
>
>
More information about the Zope3-users
mailing list