[Zope3-Users] Re: zopeproject 0.4: using without easy_installing, egg-info error
Philipp von Weitershausen wrote: Is there a pro/con list to including a bootstrap.py in zopeproject for the other way of using buildout? I don't quite understand. zopeproject works completely without needing bootstrap.py. After calling zopeproject, you end up with a completely bootstrapped *and* installed buildout sandbox. This non-system python-2.4.4 has an empty site-packages, and is owned by root. I don't have setuptools or buildout installed in the non-system python. When working with a z3c.formdemo checkout for example, I can start: # /opt/python24/python/bin/python bootstrap.py Without using sudo. That bootstrap process creates a local bin/buildout, uses setuptools and zc.buildout from ~/.buildout/eggs, and the non-system python: #!/opt/python24/python/bin/python import sys sys.path[0:0] = [ '/home/myuser/.buildout/eggs/setuptools-0.6c7-py2.4.egg', '/home/myuser/.buildout/eggs/zc.buildout-1.0.0b30-py2.4.egg', ] import zc.buildout.buildout if __name__ == '__main__': zc.buildout.buildout.main() I'm going to familiarize myself with virtualenv; I haven't yet only because the above method seemed both convenient and clear about its use of python environment and eggs. Thanks. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Problem with z3c.form security when rendering error
HI, list:
I am new to z3c.form. In my first AddForm, I encountered the following problem:
When the form is submitted which contains some input error, like
missing required fields, the rendering of the error message causes an
system error. The traceback:
...
File
/usr/lib/python2.5/site-packages/zope.app.pagetemplate-3.4.0b1dev_r75616-py2.5.egg/zope/app/pagetemplate/engine.py,
line 68, in __call__
request=request)
File
/usr/lib/python2.5/site-packages/zope.traversing-3.5.0a1.dev_r78730-py2.5.egg/zope/traversing/adapters.py,
line 164, in traversePathElement
return traversable.traverse(nm, further_path)
- __traceback_info__: (ErrorViewSnippet for RequiredMissing, 'widget')
File
/usr/lib/python2.5/site-packages/zope.traversing-3.5.0a1.dev_r78730-py2.5.egg/zope/traversing/adapters.py,
line 52, in traverse
raise TraversalError(subject, name)
- __traceback_info__: (ErrorViewSnippet for RequiredMissing, 'widget', [])
TraversalError: (ErrorViewSnippet for RequiredMissing, 'widget')
After a little debugging, I was able to find that the chain leading to
the error is as follows:
1. div-form.pt in the z3c.formui package contains the following error
presentation:
li tal:repeat=error view/widgets/errors
tal:block condition=error/widget
span tal:replace=error/widget/label /:
/tal:block
span tal:replace=structure error/renderError Type/span
/li
error/widget is accessed here, with error being an ErrorViewSnippet object.
2. The ErrorViewSnipped is created in field.py using:
view = zope.component.getMultiAdapter(
(error, self.request, widget, widget.field,
self.form, self.content), interfaces.IErrorViewSnippet)
As in my application, self.content is a custom ISite folder, which is
security proxied, the getMultiAdapter method returns a security
proxied ErrorViewSnippet object.
3. Access to ErrorViewSnippet is defined in z3c.form/configure.zcml as:
adapter
factory=.error.ErrorViewSnippet
trusted=True
permission=zope.Public
/
The IErrorViewSnippet interface contains only 3 attributes: error,
update, render. Those are accessible to everyone. But there is no
security declaration for the 'widget' attribute, so access to it is
denied:
(Pdb) snippet
ErrorViewSnippet for RequiredMissing
(Pdb) type(snippet)
type 'zope.security._proxy._Proxy'
(Pdb) from zope.security.proxy import getChecker
(Pdb) getChecker(snippet).get_permissions
{'update': Global(CheckerPublic,zope.security.checker), 'render':
Global(CheckerPublic,zope.security.checker), 'error':
Global(CheckerPublic,zope.security.checker)}
(Pdb) from zope.security import canAccess
(Pdb) canAccess(snippet, 'widget')
*** ForbiddenAttribute: ('widget', ErrorViewSnippet for RequiredMissing)
So it seems the default z3c.form security declaration only allows
access to 'update', 'error' and 'render' attributes of an
ErrorViewSnippet object. I tried to work this around the by adding the
'widget' attribute to the IErrorViewSnippet interface and the system
error is no longer raised. However, this time, another exception is
raised saying the 'label' property of the widget is not accessible.
How can I setup my security properly to use z3c.form smoothly?
Shouldn't 'widget' not be in IErrorViewSnippet since it is evidently
externally used in the rendering template?
Thanks for suggestions.
--
Hong Yuan
大管家网上建材超市
装修装潢建材一站式购物
http://www.homemaster.cn
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] zopeproject Exception debugging
Hello, In the 'Debugging' section of zopeproject's project page, the following is mentioned for the ajax based exception debugging: When you now repeat the steps that led to the exception, you will see the relevant traceback in your browser, along with the ability to view the corresponding source code and to issue Python commands for inspection. However, after an exception, I can only see the traceback and code segments displayed in the browser. How can I issue Python commands for further inspection? Thanks, -- Hong Yuan 大管家网上建材超市 装修装潢建材一站式购物 http://www.homemaster.cn ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Problem with z3c.form security when rendering error
Hi Yuan, Am 20.09.2007 um 18:17 schrieb Yuan HOng: I am new to z3c.form. In my first AddForm, I encountered the following problem: When the form is submitted which contains some input error, like missing required fields, the rendering of the error message causes an system error. I'm happy to see that someone else encounters this error, too ;-) See my posting about security concerns with `z3c.layer`'s trusted traversers one or two weeks ago. [...] So it seems the default z3c.form security declaration only allows access to 'update', 'error' and 'render' attributes of an ErrorViewSnippet object. I tried to work this around the by adding the 'widget' attribute to the IErrorViewSnippet interface and the system error is no longer raised. However, this time, another exception is raised saying the 'label' property of the widget is not accessible. Try to add security declarations for the widgets you use as well (see the posting mentioned above). How can I setup my security properly to use z3c.form smoothly? Shouldn't 'widget' not be in IErrorViewSnippet since it is evidently externally used in the rendering template? Probably. Thanks for suggestions. -- Hong Yuan Regards, Markus Kemmerling ___ Medical University Vienna Core Unit for Medical Education P.O. Box 10 A-1097 Vienna phone: +43-1-40 160-36 863 fax: +43-1-40 160-93 65 00 http://www.meduniwien.ac.at/bemaw/ ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Problem with z3c.form security when rendering error
Hi Yuan,
I think I am having the same problem, as in all the errors look the same. I
have just committed a fix for my problem so hopefully it is the same problem.
I did like you said added the widget to the interface and declared that all
the widgets require the zope.Public permission to access the attribute.
Michael
On Thursday 20 September 2007 17:17:05 Yuan HOng wrote:
HI, list:
I am new to z3c.form. In my first AddForm, I encountered the following
problem:
When the form is submitted which contains some input error, like
missing required fields, the rendering of the error message causes an
system error. The traceback:
...
File
/usr/lib/python2.5/site-packages/zope.app.pagetemplate-3.4.0b1dev_r75616-p
y2.5.egg/zope/app/pagetemplate/engine.py, line 68, in __call__
request=request)
File
/usr/lib/python2.5/site-packages/zope.traversing-3.5.0a1.dev_r78730-py2.5.
egg/zope/traversing/adapters.py, line 164, in traversePathElement
return traversable.traverse(nm, further_path)
- __traceback_info__: (ErrorViewSnippet for RequiredMissing, 'widget')
File
/usr/lib/python2.5/site-packages/zope.traversing-3.5.0a1.dev_r78730-py2.5.
egg/zope/traversing/adapters.py, line 52, in traverse
raise TraversalError(subject, name)
- __traceback_info__: (ErrorViewSnippet for RequiredMissing, 'widget',
[]) TraversalError: (ErrorViewSnippet for RequiredMissing, 'widget')
After a little debugging, I was able to find that the chain leading to
the error is as follows:
1. div-form.pt in the z3c.formui package contains the following error
presentation:
li tal:repeat=error view/widgets/errors
tal:block condition=error/widget
span tal:replace=error/widget/label /:
/tal:block
span tal:replace=structure error/renderError Type/span
/li
error/widget is accessed here, with error being an ErrorViewSnippet object.
2. The ErrorViewSnipped is created in field.py using:
view = zope.component.getMultiAdapter(
(error, self.request, widget, widget.field,
self.form, self.content), interfaces.IErrorViewSnippet)
As in my application, self.content is a custom ISite folder, which is
security proxied, the getMultiAdapter method returns a security
proxied ErrorViewSnippet object.
3. Access to ErrorViewSnippet is defined in z3c.form/configure.zcml as:
adapter
factory=.error.ErrorViewSnippet
trusted=True
permission=zope.Public
/
The IErrorViewSnippet interface contains only 3 attributes: error,
update, render. Those are accessible to everyone. But there is no
security declaration for the 'widget' attribute, so access to it is
denied:
(Pdb) snippet
ErrorViewSnippet for RequiredMissing
(Pdb) type(snippet)
type 'zope.security._proxy._Proxy'
(Pdb) from zope.security.proxy import getChecker
(Pdb) getChecker(snippet).get_permissions
{'update': Global(CheckerPublic,zope.security.checker), 'render':
Global(CheckerPublic,zope.security.checker), 'error':
Global(CheckerPublic,zope.security.checker)}
(Pdb) from zope.security import canAccess
(Pdb) canAccess(snippet, 'widget')
*** ForbiddenAttribute: ('widget', ErrorViewSnippet for RequiredMissing)
So it seems the default z3c.form security declaration only allows
access to 'update', 'error' and 'render' attributes of an
ErrorViewSnippet object. I tried to work this around the by adding the
'widget' attribute to the IErrorViewSnippet interface and the system
error is no longer raised. However, this time, another exception is
raised saying the 'label' property of the widget is not accessible.
How can I setup my security properly to use z3c.form smoothly?
Shouldn't 'widget' not be in IErrorViewSnippet since it is evidently
externally used in the rendering template?
Thanks for suggestions.
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: zopeproject Exception debugging
Yuan HOng wrote: Hello, In the 'Debugging' section of zopeproject's project page, the following is mentioned for the ajax based exception debugging: When you now repeat the steps that led to the exception, you will see the relevant traceback in your browser, along with the ability to view the corresponding source code and to issue Python commands for inspection. However, after an exception, I can only see the traceback and code segments displayed in the browser. How can I issue Python commands for further inspection? Click on the '+' next to the method name (on the right hand side) and an input box will appear. You can enter arbitrary Python code there. Note that you can also use the pdb by changing debug.ini. Instead of using the #ajax entry point, use #pdb. -- http://worldcookery.com -- Professional Zope documentation and training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
