[Zope3-Users] Re: zopeproject 0.4: using without easy_installing, egg-info error
Philipp von Weitershausen wrote: Is there a pro/con list to including a bootstrap.py in zopeproject for the other way of using buildout? I don't quite understand. zopeproject works completely without needing bootstrap.py. After calling zopeproject, you end up with a completely bootstrapped *and* installed buildout sandbox. This non-system python-2.4.4 has an empty site-packages, and is owned by root. I don't have setuptools or buildout installed in the non-system python. When working with a z3c.formdemo checkout for example, I can start: # /opt/python24/python/bin/python bootstrap.py Without using sudo. That bootstrap process creates a local bin/buildout, uses setuptools and zc.buildout from ~/.buildout/eggs, and the non-system python: #!/opt/python24/python/bin/python import sys sys.path[0:0] = [ '/home/myuser/.buildout/eggs/setuptools-0.6c7-py2.4.egg', '/home/myuser/.buildout/eggs/zc.buildout-1.0.0b30-py2.4.egg', ] import zc.buildout.buildout if __name__ == '__main__': zc.buildout.buildout.main() I'm going to familiarize myself with virtualenv; I haven't yet only because the above method seemed both convenient and clear about its use of python environment and eggs. Thanks. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Problem with z3c.form security when rendering error
HI, list: I am new to z3c.form. In my first AddForm, I encountered the following problem: When the form is submitted which contains some input error, like missing required fields, the rendering of the error message causes an system error. The traceback: ... File /usr/lib/python2.5/site-packages/zope.app.pagetemplate-3.4.0b1dev_r75616-py2.5.egg/zope/app/pagetemplate/engine.py, line 68, in __call__ request=request) File /usr/lib/python2.5/site-packages/zope.traversing-3.5.0a1.dev_r78730-py2.5.egg/zope/traversing/adapters.py, line 164, in traversePathElement return traversable.traverse(nm, further_path) - __traceback_info__: (ErrorViewSnippet for RequiredMissing, 'widget') File /usr/lib/python2.5/site-packages/zope.traversing-3.5.0a1.dev_r78730-py2.5.egg/zope/traversing/adapters.py, line 52, in traverse raise TraversalError(subject, name) - __traceback_info__: (ErrorViewSnippet for RequiredMissing, 'widget', []) TraversalError: (ErrorViewSnippet for RequiredMissing, 'widget') After a little debugging, I was able to find that the chain leading to the error is as follows: 1. div-form.pt in the z3c.formui package contains the following error presentation: li tal:repeat=error view/widgets/errors tal:block condition=error/widget span tal:replace=error/widget/label /: /tal:block span tal:replace=structure error/renderError Type/span /li error/widget is accessed here, with error being an ErrorViewSnippet object. 2. The ErrorViewSnipped is created in field.py using: view = zope.component.getMultiAdapter( (error, self.request, widget, widget.field, self.form, self.content), interfaces.IErrorViewSnippet) As in my application, self.content is a custom ISite folder, which is security proxied, the getMultiAdapter method returns a security proxied ErrorViewSnippet object. 3. Access to ErrorViewSnippet is defined in z3c.form/configure.zcml as: adapter factory=.error.ErrorViewSnippet trusted=True permission=zope.Public / The IErrorViewSnippet interface contains only 3 attributes: error, update, render. Those are accessible to everyone. But there is no security declaration for the 'widget' attribute, so access to it is denied: (Pdb) snippet ErrorViewSnippet for RequiredMissing (Pdb) type(snippet) type 'zope.security._proxy._Proxy' (Pdb) from zope.security.proxy import getChecker (Pdb) getChecker(snippet).get_permissions {'update': Global(CheckerPublic,zope.security.checker), 'render': Global(CheckerPublic,zope.security.checker), 'error': Global(CheckerPublic,zope.security.checker)} (Pdb) from zope.security import canAccess (Pdb) canAccess(snippet, 'widget') *** ForbiddenAttribute: ('widget', ErrorViewSnippet for RequiredMissing) So it seems the default z3c.form security declaration only allows access to 'update', 'error' and 'render' attributes of an ErrorViewSnippet object. I tried to work this around the by adding the 'widget' attribute to the IErrorViewSnippet interface and the system error is no longer raised. However, this time, another exception is raised saying the 'label' property of the widget is not accessible. How can I setup my security properly to use z3c.form smoothly? Shouldn't 'widget' not be in IErrorViewSnippet since it is evidently externally used in the rendering template? Thanks for suggestions. -- Hong Yuan 大管家网上建材超市 装修装潢建材一站式购物 http://www.homemaster.cn ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] zopeproject Exception debugging
Hello, In the 'Debugging' section of zopeproject's project page, the following is mentioned for the ajax based exception debugging: When you now repeat the steps that led to the exception, you will see the relevant traceback in your browser, along with the ability to view the corresponding source code and to issue Python commands for inspection. However, after an exception, I can only see the traceback and code segments displayed in the browser. How can I issue Python commands for further inspection? Thanks, -- Hong Yuan 大管家网上建材超市 装修装潢建材一站式购物 http://www.homemaster.cn ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Problem with z3c.form security when rendering error
Hi Yuan, Am 20.09.2007 um 18:17 schrieb Yuan HOng: I am new to z3c.form. In my first AddForm, I encountered the following problem: When the form is submitted which contains some input error, like missing required fields, the rendering of the error message causes an system error. I'm happy to see that someone else encounters this error, too ;-) See my posting about security concerns with `z3c.layer`'s trusted traversers one or two weeks ago. [...] So it seems the default z3c.form security declaration only allows access to 'update', 'error' and 'render' attributes of an ErrorViewSnippet object. I tried to work this around the by adding the 'widget' attribute to the IErrorViewSnippet interface and the system error is no longer raised. However, this time, another exception is raised saying the 'label' property of the widget is not accessible. Try to add security declarations for the widgets you use as well (see the posting mentioned above). How can I setup my security properly to use z3c.form smoothly? Shouldn't 'widget' not be in IErrorViewSnippet since it is evidently externally used in the rendering template? Probably. Thanks for suggestions. -- Hong Yuan Regards, Markus Kemmerling ___ Medical University Vienna Core Unit for Medical Education P.O. Box 10 A-1097 Vienna phone: +43-1-40 160-36 863 fax: +43-1-40 160-93 65 00 http://www.meduniwien.ac.at/bemaw/ ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Problem with z3c.form security when rendering error
Hi Yuan, I think I am having the same problem, as in all the errors look the same. I have just committed a fix for my problem so hopefully it is the same problem. I did like you said added the widget to the interface and declared that all the widgets require the zope.Public permission to access the attribute. Michael On Thursday 20 September 2007 17:17:05 Yuan HOng wrote: HI, list: I am new to z3c.form. In my first AddForm, I encountered the following problem: When the form is submitted which contains some input error, like missing required fields, the rendering of the error message causes an system error. The traceback: ... File /usr/lib/python2.5/site-packages/zope.app.pagetemplate-3.4.0b1dev_r75616-p y2.5.egg/zope/app/pagetemplate/engine.py, line 68, in __call__ request=request) File /usr/lib/python2.5/site-packages/zope.traversing-3.5.0a1.dev_r78730-py2.5. egg/zope/traversing/adapters.py, line 164, in traversePathElement return traversable.traverse(nm, further_path) - __traceback_info__: (ErrorViewSnippet for RequiredMissing, 'widget') File /usr/lib/python2.5/site-packages/zope.traversing-3.5.0a1.dev_r78730-py2.5. egg/zope/traversing/adapters.py, line 52, in traverse raise TraversalError(subject, name) - __traceback_info__: (ErrorViewSnippet for RequiredMissing, 'widget', []) TraversalError: (ErrorViewSnippet for RequiredMissing, 'widget') After a little debugging, I was able to find that the chain leading to the error is as follows: 1. div-form.pt in the z3c.formui package contains the following error presentation: li tal:repeat=error view/widgets/errors tal:block condition=error/widget span tal:replace=error/widget/label /: /tal:block span tal:replace=structure error/renderError Type/span /li error/widget is accessed here, with error being an ErrorViewSnippet object. 2. The ErrorViewSnipped is created in field.py using: view = zope.component.getMultiAdapter( (error, self.request, widget, widget.field, self.form, self.content), interfaces.IErrorViewSnippet) As in my application, self.content is a custom ISite folder, which is security proxied, the getMultiAdapter method returns a security proxied ErrorViewSnippet object. 3. Access to ErrorViewSnippet is defined in z3c.form/configure.zcml as: adapter factory=.error.ErrorViewSnippet trusted=True permission=zope.Public / The IErrorViewSnippet interface contains only 3 attributes: error, update, render. Those are accessible to everyone. But there is no security declaration for the 'widget' attribute, so access to it is denied: (Pdb) snippet ErrorViewSnippet for RequiredMissing (Pdb) type(snippet) type 'zope.security._proxy._Proxy' (Pdb) from zope.security.proxy import getChecker (Pdb) getChecker(snippet).get_permissions {'update': Global(CheckerPublic,zope.security.checker), 'render': Global(CheckerPublic,zope.security.checker), 'error': Global(CheckerPublic,zope.security.checker)} (Pdb) from zope.security import canAccess (Pdb) canAccess(snippet, 'widget') *** ForbiddenAttribute: ('widget', ErrorViewSnippet for RequiredMissing) So it seems the default z3c.form security declaration only allows access to 'update', 'error' and 'render' attributes of an ErrorViewSnippet object. I tried to work this around the by adding the 'widget' attribute to the IErrorViewSnippet interface and the system error is no longer raised. However, this time, another exception is raised saying the 'label' property of the widget is not accessible. How can I setup my security properly to use z3c.form smoothly? Shouldn't 'widget' not be in IErrorViewSnippet since it is evidently externally used in the rendering template? Thanks for suggestions. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Re: zopeproject Exception debugging
Yuan HOng wrote: Hello, In the 'Debugging' section of zopeproject's project page, the following is mentioned for the ajax based exception debugging: When you now repeat the steps that led to the exception, you will see the relevant traceback in your browser, along with the ability to view the corresponding source code and to issue Python commands for inspection. However, after an exception, I can only see the traceback and code segments displayed in the browser. How can I issue Python commands for further inspection? Click on the '+' next to the method name (on the right hand side) and an input box will appear. You can enter arbitrary Python code there. Note that you can also use the pdb by changing debug.ini. Instead of using the #ajax entry point, use #pdb. -- http://worldcookery.com -- Professional Zope documentation and training ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users