RE: [Zope] Please test this Zope 2.2 beta 1 ZSQLMethods fix...
> > I think that you have hit it on the head - we're trying *hard* to > > make Zope harder to fool :^) Try adding the following to your > > class statement, for example: > > > > class MyClass: > > > > __allow_access_to_unprotected_subobjects__=1 > > Just a question: Is this documented somewhere.. I've seen some more > of these things here and wonder if there's some explanation > what exactly > has changed in 2.2 and which constants can be used to control these > things.. I plan to publish a guide for Product authors Monday that captures the essence of what has changed about the security policy and what product objects need to do to play nicely within it. Brian Lloyd[EMAIL PROTECTED] Software Engineer 540.371.6909 Digital Creations http://www.digicool.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Please test this Zope 2.2 beta 1 ZSQLMethods fix...
Hi! > I think that you have hit it on the head - we're trying *hard* to > make Zope harder to fool :^) Try adding the following to your > class statement, for example: > > class MyClass: > > __allow_access_to_unprotected_subobjects__=1 Just a question: Is this documented somewhere.. I've seen some more of these things here and wonder if there's some explanation what exactly has changed in 2.2 and which constants can be used to control these things.. (well, my classes seem to work under 2.2, so no problem for me right now but one never knows.. ;-) greetings, Christian ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
RE: [Zope] Please test this Zope 2.2 beta 1 ZSQLMethods fix...
> BUT, the BIG problem I'm having is still with the external method in > courseList.py. > > > > Any ideas? Now, it could just be my programming. With the > new 2.2 version > I may need to add security information to each object (which > I don't know > how to do). Right now I'm just starting with a blank class > and adding a few > properties to it. Zope may be looking at it and thinking, > "What the heck is > this thing?" The idea was to trick Zope into thinking it was > a Z SQL query; > perhaps 2.2 isn't so easily fooled...? I think that you have hit it on the head - we're trying *hard* to make Zope harder to fool :^) Try adding the following to your class statement, for example: class MyClass: __allow_access_to_unprotected_subobjects__=1 def __init(self, foo): ... ...You'll need to restart Zope for this to take effect. Hope this helps! Brian Lloyd[EMAIL PROTECTED] Software Engineer 540.371.6909 Digital Creations http://www.digicool.com ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] Please test this Zope 2.2 beta 1 ZSQLMethods fix...
That did it! But... :) I ended up having to re-create all my ZSQL methods, which was funny because they all worked in the beta 1 but not in beta 2. I kept getting len() of unsized object errors. Anyway, re-creating them all from scratch (ugh..) solved that problem. BUT, the BIG problem I'm having is still with the external method in courseList.py. I'll attach the file here. It returns a list that can be traversed with the tag. I'm still getting Unauthorized errors when trying to access properties of the objects this function returns. For instance, when I run this function on a query sorted by 'term', the first object in the list contains a property called 'open-term'. When I try to access this property within a tag, even as Superuser, it gives me an Unauthorized error. I tried everything, even giving anonymous users all privileges to that external method. Nothing worked. Here's my traceback: Unauthorized Sorry, a Zope error occurred. Traceback (innermost last): File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/ZPublisher/Publish.py, line 222, in publish_module File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/ZPublisher/Publish.py, line 187, in publish File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/ZPublisher/Publish.py, line 171, in publish File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/ZPublisher/mapply.py, line 160, in mapply (Object: list_courses) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/ZPublisher/Publish.py, line 112, in call_object (Object: list_courses) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/OFS/DTMLDocument.py, line 168, in __call__ (Object: list_courses) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/DocumentTemplate/DT_String.py , line 503, in __call__ (Object: list_courses) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/DocumentTemplate/DT_Let.py, line 145, in render (Object: page=id) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/OFS/DTMLMethod.py, line 163, in __call__ (Object: course_list) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/DocumentTemplate/DT_String.py , line 503, in __call__ (Object: course_list) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/DocumentTemplate/DT_Let.py, line 145, in render (Object: groupby="['term','type','category']" query="db.listCourses(type=type,term=term,keyword=keyword,category=category, inactive=inactive,show_new=PARENTS[0].id=='admin')") File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/DocumentTemplate/DT_In.py, line 691, in renderwob (Object: extern.courseList(_, groupby=groupby, query=query)) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/OFS/DTMLMethod.py, line 189, in validate (Object: list_courses) File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/AccessControl/SecurityManager .py, line 139, in validate File /usr/Zope-2.2.0b2-solaris-2.6-sparc/lib/python/AccessControl/ZopeSecurityPol icy.py, line 158, in validate Unauthorized: open_term Any ideas? Now, it could just be my programming. With the new 2.2 version I may need to add security information to each object (which I don't know how to do). Right now I'm just starting with a blank class and adding a few properties to it. Zope may be looking at it and thinking, "What the heck is this thing?" The idea was to trick Zope into thinking it was a Z SQL query; perhaps 2.2 isn't so easily fooled...? At any rate, we're getting closer... :) - T.J. - Original Message - From: Brian Lloyd <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; Brian Lloyd <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, June 21, 2000 9:25 AM Subject: [Zope] Please test this Zope 2.2 beta 1 ZSQLMethods fix... > Hi all, > > Several folks have reported problems in beta 1 with SQLMethods > having authentication problems when trying to call other SQL > Methods. I'd like a few intrepid volunteers to try something > for me to see if it fixes the problem. I'd like to make a 2.2 > beta 2 release tomorrow but I want to make sure this issue is > resolved first. > > Make a backup of the file: > > lib/python/Shared/DC/ZRDB/DA.py > > in your current (beta 1) installation and replace it with the > DA.py attached to this email, restart and let me know if the > problem goes away. > > Thanks! > > Brian Lloyd[EMAIL PROTECTED] > Software Engineer 540.371.6909 > Digital Creations http://www.digicool.com > > > > > courseList.py
RE: [Zope] Please test this Zope 2.2 beta 1 ZSQLMethods fix...
While I wasn't having the exact problem described below, this does appear to have fixed the problem I was having with SQL Methods not being able to access ZClass properties because of authentication problems. My ZClass was working fine in 2.1.4/5/6, but not in 2.2beta1 because of this. Now it works fine in both. ___ Ron Bickers Logic Etc, Inc. [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brian > Lloyd > Sent: Wednesday, June 21, 2000 11:26 AM > To: '[EMAIL PROTECTED]'; Brian Lloyd; '[EMAIL PROTECTED]'; > '[EMAIL PROTECTED]' > Subject: [Zope] Please test this Zope 2.2 beta 1 ZSQLMethods fix... > > > Hi all, > > Several folks have reported problems in beta 1 with SQLMethods > having authentication problems when trying to call other SQL > Methods. I'd like a few intrepid volunteers to try something > for me to see if it fixes the problem. I'd like to make a 2.2 > beta 2 release tomorrow but I want to make sure this issue is > resolved first. > > Make a backup of the file: > > lib/python/Shared/DC/ZRDB/DA.py > > in your current (beta 1) installation and replace it with the > DA.py attached to this email, restart and let me know if the > problem goes away. ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )