Re: [Zope] Security class attribute

2006-01-26 Thread Peter Bengtsson 
On 1/26/06, Brian Lloyd <[EMAIL PROTECTED]> wrote:
> The ClassSecurityInfo is a convenience to provide a
> halfway-sane spelling for a lot of ugliness under the
> hood in setting up security.
>
> IntializeClass (among other things) tells the CSI to
> apply itself to the class to set everything up, then it
> gets *removed* from the class.
>
> I can't tell for sure from your code, but I suspect that
> IntializeClass is being called on MyProduct *before* you
> are doing your class augmentation -- if you can defer the
> call until after you hack it, it should work.
>

No, I did the InitializeClass() *after* everything else.
So still no explaination. For what's going on.

> If for some reason you can't defer the call to InitializeClass,
> it should be safe to create another ClassSecurityInfo and apply
> it manually, e.g.:
>
>   class MyProduct(...):
>   security=ClassSecurityInfo()
>
>   
>
>   setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
>   xtra = ClassSecurityInfo()
>   xtra.security.declareProtected('View', 'FileManagement.html')
>   xtra.apply(MyProduct)

That's sort of what I've done now. My code looks something like this::

 class MyProduct(...):
 security = ClassSecurityInfo()
 security.declareProtected('View','blabla')
 def blabla():
  pass

 setattr(MyProduct, 'blabla.html', MyProduct.blabla)
 security.declareProtected('View', 'blabla.html')
 security.apply(MyProduct)
 InitializeClass(MyProduct)

...and now everything seems to be happy.

Thanks for the advice.





>
>
> HTH,
>
> Brian Lloyd[EMAIL PROTECTED]
> V.P. Engineering   540.361.1716
> Zope Corporation   http://www.zope.com
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> > Peter Bengtsson
> > Sent: Thursday, January 26, 2006 9:44 AM
> > To: [Zope]
> > Subject: [Zope] Security class attribute
> >
> >
> > Now in Zope 2.9 I get these warnings::
> >
> >  2006-01-26 14:31:45 WARNING Init Class
> > Products.MyProduct.Homesite.FilesContainer has a security declaration
> > for nonexistent method 'FileManagement'
> >
> > That's understandable because I've coded it like this::
> >
> >  class MyProduct(...):
> >  security=ClassSecurityInfo()
> >  security.declareProtected('View', 'FileManagement.html')
> >
> >  setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
> >
> > In other words, I create methods after the class has been defined and
> > squeeze them in manually. Very convenient.
> > To avoid the WARNING message above I thought I could use
> > declareProtected() _after_ the the class has been defined just as with
> > the additional method; but no luck :(
> > I tried this::
> >  class MyProduct(...):
> >  security=ClassSecurityInfo()
> >
> >  setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
> >  MyProduct.security.declareProtected('View', 'FileManagement.html')
> >
> > But I'm getting::
> >
> >  AttributeError: type object 'MyProduct' has no attribute 'security'
> >
> > Which I totally don't understand. To test my sanity I wrote this test
> > script which works fine::
> >
> >  class _Z:
> > def __init__(self):
> > self.z = "Z"
> > def declareProtected(self, *a,**k):
> > print "++declare something+"
> > def foo():
> > print "I'm being called"
> > return _Z()
> > class A:
> > security=foo()
> > def __init__(self):
> > pass
> > A.security.declareProtected("foo")
> > print dir(A)
> >
> > Which works like you'd expect with the followin output::
> >
> >  I'm being called
> >  ++declare something+
> >  ['__doc__', '__init__', '__module__', 'security']
> >
> > What's going on [differently] in Zope? What am I missing?
> >
> >
> >
> >
> >
> > --
> > Peter Bengtsson,
> > work www.fry-it.com
> > home www.peterbe.com
> > hobby www.issuetrackerproduct.com
> > ___
> > Zope maillist  -  Zope@zope.org
> > http://mail.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://mail.zope.org/mailman/listinfo/zope-announce
> >  http://mail.zope.org/mailman/listinfo/zope-dev )
> >
>


--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists -
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )

RE: [Zope] Security class attribute

2006-01-26 Thread Brian Lloyd 
The ClassSecurityInfo is a convenience to provide a 
halfway-sane spelling for a lot of ugliness under the 
hood in setting up security.

IntializeClass (among other things) tells the CSI to 
apply itself to the class to set everything up, then it 
gets *removed* from the class.

I can't tell for sure from your code, but I suspect that 
IntializeClass is being called on MyProduct *before* you 
are doing your class augmentation -- if you can defer the 
call until after you hack it, it should work.

If for some reason you can't defer the call to InitializeClass, 
it should be safe to create another ClassSecurityInfo and apply 
it manually, e.g.:

  class MyProduct(...):
  security=ClassSecurityInfo()
 
  

  setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
  xtra = ClassSecurityInfo()
  xtra.security.declareProtected('View', 'FileManagement.html')
  xtra.apply(MyProduct)


HTH,

Brian Lloyd[EMAIL PROTECTED]
V.P. Engineering   540.361.1716  
Zope Corporation   http://www.zope.com 


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Peter Bengtsson
> Sent: Thursday, January 26, 2006 9:44 AM
> To: [Zope]
> Subject: [Zope] Security class attribute
> 
> 
> Now in Zope 2.9 I get these warnings::
> 
>  2006-01-26 14:31:45 WARNING Init Class
> Products.MyProduct.Homesite.FilesContainer has a security declaration
> for nonexistent method 'FileManagement'
> 
> That's understandable because I've coded it like this::
> 
>  class MyProduct(...):
>  security=ClassSecurityInfo()
>  security.declareProtected('View', 'FileManagement.html')
> 
>  setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
> 
> In other words, I create methods after the class has been defined and
> squeeze them in manually. Very convenient.
> To avoid the WARNING message above I thought I could use
> declareProtected() _after_ the the class has been defined just as with
> the additional method; but no luck :(
> I tried this::
>  class MyProduct(...):
>  security=ClassSecurityInfo()
> 
>  setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
>  MyProduct.security.declareProtected('View', 'FileManagement.html')
> 
> But I'm getting::
> 
>  AttributeError: type object 'MyProduct' has no attribute 'security'
> 
> Which I totally don't understand. To test my sanity I wrote this test
> script which works fine::
> 
>  class _Z:
> def __init__(self):
> self.z = "Z"
> def declareProtected(self, *a,**k):
> print "++declare something+"
> def foo():
> print "I'm being called"
> return _Z()
> class A:
> security=foo()
> def __init__(self):
> pass
> A.security.declareProtected("foo")
> print dir(A)
> 
> Which works like you'd expect with the followin output::
> 
>  I'm being called
>  ++declare something+
>  ['__doc__', '__init__', '__module__', 'security']
> 
> What's going on [differently] in Zope? What am I missing?
> 
> 
> 
> 
> 
> --
> Peter Bengtsson,
> work www.fry-it.com
> home www.peterbe.com
> hobby www.issuetrackerproduct.com
> ___
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )
> 
___
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope-dev )