-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Antonio Beamud Montero wrote:
Hi all:
I'm using Zope 2.7. I have created a product that inherits from Folder.
The security assertions are::
security = ClassSecurityInfo()
security.declareObjectProtected('View management screens')
But I need to publish some ZPT methods public. I have declared them:
security.declarePublic('my_stations')
my_stations = PageTemplateFile('wsdl/my_stations.wsdl.zpt',
globals())
my_stations.content_type = 'text/xml'
And 'wsdl/my_stations.wsdl.zpt' has only a reference to absolute_url in:
---
...
port binding=tns:StationsBinding name=port
soap:address tal:attributes=location here/absolute_url
location=http://localhost:8000/ccx/StationsService/
/port
...
The problem is trying to access to this method as anonymous user gives
me:
...
Module Products.PageTemplates.Expressions, line 189, in _eval
Module Products.PageTemplates.Expressions, line 145, in _eval
__traceback_info__: here
Module Products.PageTemplates.Expressions, line 323, in restrictedTraverse
__traceback_info__: {'path': [u'absolute_url'], 'TraversalRequestNameStack':
[]}
Module Shared.DC.Scripts.Bindings, line 176, in __getattr__
Module Shared.DC.Scripts.Bindings, line 182, in __you_lose/li
Unauthorized: Not authorized to access binding: context (Also, an error
occurred while attempting to render the standard error message.)
With other methods declared publics all works ok (like published via SOAP)...
Can any one help me?
Your template uses 'here', which is and alias for the 'context' binding,
i.e. the object through which the template was acquired. That object
has permission settings which prevent anonymous access *to the object*,
which makes its use in a path expression impossible, even though the
'absolute_url' method of that object *would* be accessible by anonymous.
If this template needs to be renderable by anonymous users even for
contexts to which they do not have access, then you can give the
template a proxy role which *does* have access. Use with caution, and
double check that the template won't expose any data which *should* be
protected.
Tres.
- --
===
Tres Seaver +1 202-558-7113 [EMAIL PROTECTED]
Palladion Software Excellence by Designhttp://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFEdeA0+gerLs4ltQ4RAh8NAJ4x4u6UZ1L56x60f6gaXUzV/yX6igCcCEFV
2ug9atblCMjSgqPiYtU6nOI=
=2Cnb
-END PGP SIGNATURE-
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )