RE: [Zope3-Users] Where unauthorized is raised?
Cheers, Thanks for the reply. And I shall remember (he hopes). Regards, Darryl Roger Ineichen wrote: > Yes, I use most the time locate="True". But right, set the parent > explicit is also Ok. I don't thnk there is a preferred way. > > just remember, > the missing location on a adapters is most the time responsible > for permission lookup problems. > > Regards > Roger Ineichen ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
RE: [Zope3-Users] Where unauthorized is raised?
Hi Darryl > Hi Roger, > > Thanks. Is there a preferred option between using > self.context = self.__parent__ = context and setting the > 'locate' directive in configure. > > My thought is that setting __parent__ on the adapter is > unecessary if locate does the job. Yes, I use most the time locate="True". But right, set the parent explicit is also Ok. I don't thnk there is a preferred way. just remember, the missing location on a adapters is most the time responsible for permission lookup problems. Regards Roger Ineichen ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Where unauthorized is raised?
Hi Takayuki, Thanks for that. I hadn't used PostmortemDebuggingHTTP before today. Regards, Darryl Takayuki Shimizukawa wrote: > Hi Darryl. > > 2006/7/21, Darryl Cousins <[EMAIL PROTECTED]>: > > What I need to know is where is this Unauthorized being raised to debug > > further (as my principal indeed has the permission tfws.view). I need to > > pinpoint why. > > PostmortemDebuggingHTTP might teach the exception point. > Please make PostmortemDebuggingHTTP effective with zope.conf, and use > the port specified for URL. > ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
RE: [Zope3-Users] Where unauthorized is raised?
Hi Roger, Thanks. Is there a preferred option between using self.context = self.__parent__ = context and setting the 'locate' directive in configure. My thought is that setting __parent__ on the adapter is unecessary if locate does the job. Best regards, Darryl Roger Ineichen wrote: > > You can use in the adapter directive the locate attribute and perhaps > a trusted attribute like: > > name="photo_or_somthing" > factory="theFactory" > locate="True" > trusted="True" > /> > ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
RE: [Zope3-Users] Where unauthorized is raised?
Hi Darryl > Hi, > > def __init__ ... > self.context = self.__parent__ = context > > That's what I was missing in the adapter. Can I clarify this? > > The adapter is adapting an object (`self.context=context` in > `__init__`). > The field is getting an attribute from the security-proxied adapter. > The permission is found on the adapter ('tfws.view') and the > principal has this permission in the context, **but**; not on > the adapter because the adapter has no 'location'. Only when > I gave it a location with `self.__parent__` was the > principal's possesion of the permission recognised as > applying also to the adapter. > > Baiju: Probably one for your faq? Pester me. > > Likely be it, that somewhere is text that would have informed > me. Damned if I could find it though. Excuse the noise. You can use in the adapter directive the locate attribute and perhaps a trusted attribute like: The attribute locate will proxy your adapter with a LocationProxy The trusted attribute will make sure that the security proxy get wrapped outside the adapter, which means that you have trusted access to yur adapters method but every thing which is returned from this methods get proxied. If a adapter is not trusted, the method of the adapter itself get security proxied. > Cheers. > Darryl > > PS: > > Where is that Unauthorized raised? > > # grep -R Unauthorized /usr/lib/python2.4/site-packages/zope/ > | grep raise | uniq ... > /usr/lib/python2.4/site-packages/zope/security/checker.py: > raise Unauthorized(object, name, permission) ... > > That's the only one that matches, but I don't believe that is > it. Maybe then in a .so? Curious. > > Darryl. > > > On Fri, 2006-07-21 at 20:26 +1200, Darryl Cousins wrote: > > Hi, > > > > An update on this. > > > > When I change the permission on IMemberEditForm to zope.Public or > > zope.View then the form is displayed. Which is why I want > to find the > > permission checker. The principal can view other objects > protected by > > tfws.view but not this one. > > > > If I can find where the permission is being checked then perhaps I > > will find out why my principal is not passing the security > checker and > > how I can fix it. > > > > Sorry if I'm getting hysterical. > > > > Regards, > > Darryl > > > > On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote: > > > Hi All, > > > > > > I'm having a permissions problem with a formlib form and > an adapter. > > > > > > I have put the following in zope/schema/_bootstrapfields.py > > > > > > class Field ... > > > > > > def get(self, object): > > > try: > > > getattr(object, self.__name__) > > > except: > > > import sys > > > print sys.exc_type, sys.exc_value > > > return getattr(object, self.__name__) > > > > > > the print I get is: > > > > > > zope.security.interfaces.Unauthorized > > > ( > > 0xb5b5bc8c>, 'clear_photo', 'tfws.view') > > > > > > What I need to know is where is this Unauthorized being raised to > > > debug further (as my principal indeed has the permission > tfws.view). > > > I need to pinpoint why. > > > > > > the only raise I can find that matches is in > zope/security/checker > > > but 'print's that I have added there give me nothing. > > > > > > Thanks, > > > Darryl > > > > > > ___ > > > Zope3-users mailing list > > > Zope3-users@zope.org > > > http://mail.zope.org/mailman/listinfo/zope3-users > > > > ___ > > Zope3-users mailing list > > Zope3-users@zope.org > > http://mail.zope.org/mailman/listinfo/zope3-users > > ___ > Zope3-users mailing list > Zope3-users@zope.org > http://mail.zope.org/mailman/listinfo/zope3-users > ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Where unauthorized is raised?
Hi, def __init__ ... self.context = self.__parent__ = context That's what I was missing in the adapter. Can I clarify this? The adapter is adapting an object (`self.context=context` in `__init__`). The field is getting an attribute from the security-proxied adapter. The permission is found on the adapter ('tfws.view') and the principal has this permission in the context, **but**; not on the adapter because the adapter has no 'location'. Only when I gave it a location with `self.__parent__` was the principal's possesion of the permission recognised as applying also to the adapter. Baiju: Probably one for your faq? Pester me. Likely be it, that somewhere is text that would have informed me. Damned if I could find it though. Excuse the noise. Cheers. Darryl PS: Where is that Unauthorized raised? # grep -R Unauthorized /usr/lib/python2.4/site-packages/zope/ | grep raise | uniq ... /usr/lib/python2.4/site-packages/zope/security/checker.py: raise Unauthorized(object, name, permission) ... That's the only one that matches, but I don't believe that is it. Maybe then in a .so? Curious. Darryl. On Fri, 2006-07-21 at 20:26 +1200, Darryl Cousins wrote: > Hi, > > An update on this. > > When I change the permission on IMemberEditForm to zope.Public or > zope.View then the form is displayed. Which is why I want to find the > permission checker. The principal can view other objects protected by > tfws.view but not this one. > > If I can find where the permission is being checked then perhaps I will > find out why my principal is not passing the security checker and how I > can fix it. > > Sorry if I'm getting hysterical. > > Regards, > Darryl > > On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote: > > Hi All, > > > > I'm having a permissions problem with a formlib form and an adapter. > > > > I have put the following in zope/schema/_bootstrapfields.py > > > > class Field ... > > > > def get(self, object): > > try: > > getattr(object, self.__name__) > > except: > > import sys > > print sys.exc_type, sys.exc_value > > return getattr(object, self.__name__) > > > > the print I get is: > > > > zope.security.interfaces.Unauthorized > > ( > 0xb5b5bc8c>, 'clear_photo', 'tfws.view') > > > > What I need to know is where is this Unauthorized being raised to debug > > further (as my principal indeed has the permission tfws.view). I need to > > pinpoint why. > > > > the only raise I can find that matches is in zope/security/checker but > > 'print's that I have added there give me nothing. > > > > Thanks, > > Darryl > > > > ___ > > Zope3-users mailing list > > Zope3-users@zope.org > > http://mail.zope.org/mailman/listinfo/zope3-users > > ___ > Zope3-users mailing list > Zope3-users@zope.org > http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Where unauthorized is raised?
Hi, An update on this. When I change the permission on IMemberEditForm to zope.Public or zope.View then the form is displayed. Which is why I want to find the permission checker. The principal can view other objects protected by tfws.view but not this one. If I can find where the permission is being checked then perhaps I will find out why my principal is not passing the security checker and how I can fix it. Sorry if I'm getting hysterical. Regards, Darryl On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote: > Hi All, > > I'm having a permissions problem with a formlib form and an adapter. > > I have put the following in zope/schema/_bootstrapfields.py > > class Field ... > > def get(self, object): > try: > getattr(object, self.__name__) > except: > import sys > print sys.exc_type, sys.exc_value > return getattr(object, self.__name__) > > the print I get is: > > zope.security.interfaces.Unauthorized > ( 0xb5b5bc8c>, 'clear_photo', 'tfws.view') > > What I need to know is where is this Unauthorized being raised to debug > further (as my principal indeed has the permission tfws.view). I need to > pinpoint why. > > the only raise I can find that matches is in zope/security/checker but > 'print's that I have added there give me nothing. > > Thanks, > Darryl > > ___ > Zope3-users mailing list > Zope3-users@zope.org > http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users