[Zope3-Users] Need help with a Five / Viewlet Configuration Problem

kevin gill kevin at movieextras.ie
Tue Feb 24 04:14:17 EST 2009 

It turned out that the problem was the viewlet manager. It was using the
zope.viewlet.manager instead of the Five.viewlet.manager baseclasses. Once
I changed the viewlet manager it worked fine.

Kevin


> I am getting a ForbiddenAttribute error on 'render' when I try to display
> a viewlet in my Zope2 application.
>
> I am running zope 2.11.2 + Five. I am currently working on integrating
> grok + z3c.form into our stack.
>
> I have security a problem configuring the
> z3c.formjs.interfaces.IDynamicJavaScript viewlet.
>
> The viewlet configuration (in z3c.formjs) seems standard...
>
>   <browser:viewlet
>       name="z3c.formjs.subscriptions"
>       manager=".interfaces.IDynamicJavaScript"
>       view="z3c.formjs.interfaces.IHaveJSSubscriptions"
>       class="z3c.formjs.jsevent.JSSubscriptionsViewlet"
>       permission="zope.Public"
>       layer="z3c.form.interfaces.IFormLayer"
>       />
>
> The viewlet is very standard.
>
> When I run the system, the viewlet is wrapped using the
> Products.Five.viewlet.metaconfigure functionality to provide a wrapped
> viewlet.
>
> However, when I run the application, I get this error...
>
>   Module zope.viewlet.manager, line 107, in update
>   Module zope.viewlet.manager, line 85, in filter
>   Module zope.security.checker, line 134, in canAccess
> ForbiddenAttribute: ('render',
> <Products.Five.viewlet.metaconfigure.JSSubscriptionsViewlet object at
> 0x84c0410>)
>
> It appears to me that, at runtime, an incorrect 'checker' is being picked
> up. I believe that I should be seeing a call to
> Products/Five/security.py:checkPermission, but I believe I am picking up a
> different checker.
>
> I cannot seem to debug the checker, even though I set
> security-policy-implementation python in the zope.conf.
>
> Other (possibly) relevant information...
>
> (Pdb) adapter.__class__
> <class 'Products.Five.viewlet.metaconfigure.JSSubscriptionsViewlet'>
>
> (Pdb) from Products.Five.security import getSecurityInfo
> (Pdb) getSecurityInfo(adapter.__class__)
> {'render__roles__': None, 'update__roles__': None, '__roles__': None,
> '__ac_permissions__': ()}
>
> (Pdb) from zope.security.management import thread_local
> (Pdb) thread_local.interaction
> <Products.Five.security.FiveSecurityPolicy object at 0x84c0650>
>
>
>

More information about the Zope3-users mailing list