RE: [Zope-dev] New security model and products breaking zope management
> > After much munching trough the code, I made the simple change > > (attached) to lib/python/app/Management.py based on the > > warnings given by that same file and > > lib/python/AccessControl/ZopeSecurityPolicy.py - and now my > > Zope 2.2 is working just fine. > > > > I don't know whether the problem is in a Product or > > Management.py, but my "fix" makes sense to me... I think that this makes sense - I've added the patch to Management.py for 2.2. Brian Lloyd[EMAIL PROTECTED] Software Engineer 540.371.6909 Digital Creations http://www.digicool.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] New security model and products breaking zope management
On Mon, 26 Jun 2000, Lalo Martins wrote: > I had the same problem ("Contents" tab not appearing) and it > didn't even occur to me that it might be a Product (because > that happened before the update on Products was released). > > After much munching trough the code, I made the simple change > (attached) to lib/python/app/Management.py based on the > warnings given by that same file and > lib/python/AccessControl/ZopeSecurityPolicy.py - and now my > Zope 2.2 is working just fine. > > I don't know whether the problem is in a Product or > Management.py, but my "fix" makes sense to me... Well, your fix fixed the "a_" problem, but not the permissions problem (I don't get prompted for a login when accessing /manage_main). I haven't gotten too far on my testing yet, but I have shown that a zero length __init__.py file in the EMarket product directory still yeilds the problem. I don't understand the product import process, so I don't know what else does get loaded with a zero length __init__ file. I'll do more experimenting Wednesday... --RDM -- --- Management.py.orig Thu Jun 22 01:18:59 2000 +++ Management.py Thu Jun 22 01:48:48 2000 @@ -127,7 +127,7 @@ if o is None: continue try: -if validate(value=o): +if validate(container=self, value=o): result.append(d) except: if not hasattr(o, '__roles__'): ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] New security model and products breaking zope management
"R. David Murray" wrote: > > OK, I've stared at this for a couple days and have not made any progress. > Perhaps others will have some insights. > > Zope 2.2.0b2, clean install. Works fine. Add EMarket. Now the > management is broken. Accessing the base URL of the site with > /manage_main appended gives you the file list view of the root > folder, with no prompt for authentication. Accessing /manage > prompts for a login, but the right panel view is the import/export > screen and not the folder list. There's other weird stuff, like > a key error on "a_", which appears to be temporary variable used > in one of the DTML management pages. > > I've read Brian's 2.2 product security update, and it looks to me like > EMarket is Doing the Right Thing (though I haven't checked completely for > unprotected methods yet), which makes sense since it was a working > product . > > I have a private report that eTailor also has this problem, but haven't > tested it myself. If I am not the source of that report, chalk up another one for the tally. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] New security model and products breaking zope management
OK, I've stared at this for a couple days and have not made any progress. Perhaps others will have some insights. Zope 2.2.0b2, clean install. Works fine. Add EMarket. Now the management is broken. Accessing the base URL of the site with /manage_main appended gives you the file list view of the root folder, with no prompt for authentication. Accessing /manage prompts for a login, but the right panel view is the import/export screen and not the folder list. There's other weird stuff, like a key error on "a_", which appears to be temporary variable used in one of the DTML management pages. I've read Brian's 2.2 product security update, and it looks to me like EMarket is Doing the Right Thing (though I haven't checked completely for unprotected methods yet), which makes sense since it was a working product . I have a private report that eTailor also has this problem, but haven't tested it myself. There was another 2.2.0b2 bug report on the mailing list recently that gave similar problem symptoms (import/export screen in management) that also looks to be the result of an installed product. No report as to which product yet. So, what could a product be doing that would cause the management interface to break like this? It seems like it must be munging the permission list for folders. I do see a place where EMarket is copying stuff from Folder, but it takes care to *copy* the one data structure that it actually changes. Still, could the fact that other stuff is referenced directly be interacting with the new security system somehow? I'm about to start running experiments to see if I can figure out what in the code is causing the problem, but I feel like I'm groping in the dark so far. Any clues or research suggestions greatfully accepted. --RDM ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )