[Zope-CMF] NodeAdapterBase doesn't respect xml:whitespace=preserve
In Products.GenericSetup.utils, class NodeAdapterBase: Method _getNodeText does not respect xml:whitespace=preserve: def _getNodeText(self, node): text = '' for child in node.childNodes: if child.nodeName != '#text': continue lines = [ line.lstrip() for line in child.nodeValue.splitlines() ] text += '\n'.join(lines) return text As a result, a node like this: property name=sep type=string xml:whitespace=preserve to /property doesn't work to make sure that to is stored, not to . Does the xml python library support using xml:whitespace=preserve? How can this be fixed? Peace, George ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
[Zope-CMF] Trailing Slashes (Or Not) on URLs
Hi, I experience this using Plone and am assuming the same issue is true outside of Plone. When I click on a link with href #bluh on a page, it often adds a /#bluh to the page. I think this is the standard when the page has only, say, alphabetic characters in its name (http://domain.org/welcome; as opposed to http://domain.org/welcome.html;). But in this case, shouldn't Zope automatically add a / to the end of these URLs in order to make anchors work properly, as opposed to clicking an anchor link causing a reload of the page? It seems much to expect that a regular user typing something in the URL in their browser, or that a content manager, be expected to remember to manually add a slash at the end of the right URLs. Peace, George ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
Re: [Zope-CMF] Implicit and Acquirer
Thanks much. It was confusing because the code says certain classes inherit Implicit, but epydoc shows the class Acquirer. Other than understanding how Python wraps C classes -- is there anyway of seeing where the classes are defined, understanding the methods + method definitions, in a Python-looking way? Peace, George On 3/11/06, Dieter Maurer [EMAIL PROTECTED] wrote: George Lee wrote at 2006-3-11 00:41 -0500: ... What is the difference between Implicit and Acquirer? Between Explicit and Acquirer? An acquirer is an object with two components aq_self and aq_parent. If asked for an attribute, any acquirer passes the request on to aq_self and returns the result if aq_self can deliver the attribute. The difference between an ImplicitAcquirer and an ExplicitAcquirer comes only into play when aq_self cannot deliver the asked for attribute. In this case, an ImplicitAcquirer automatically passed the request on aq_parent while an ExplicitAcquirer fails (with an AttributeError). Including, what methods do Implicit and Explicit *add* or *override*? Both have the same methods (and attribute). For instance, does Explicit add an aq_acquire method? No. But aq_acquire is more important for an ExplicitAcquirer than for an ImplicitAcquirer: aq_acquire supports precise control over the lookup behaviour of all kinds of acquirers. With an ExplicitAcquirer, you (usually) must use aq_acquire to look the attribute up in aq_parent; an ImplicitAcquirer would do this automatically (if necessary). What else? Nothing. I tried sifting through the C code and the epydoc files but still couldn't make sense of it all -- it seems that Implicit and Acquirer are really the same, for instance. Answers or references would be very appreciated, thanks. Apparently, you have a reason to use the strange Implicit and Acquirer... In fact, there are two kinds of Acquirers: ImplicitAcquirer and ExplicitAcquirer. There is nothing like Implicit and Acquirer. -- Dieter ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
[Zope-CMF] Implicit and Acquirer
Hi, What is the difference between Implicit and Acquirer? Between Explicit and Acquirer? Including, what methods do Implicit and Explicit *add* or *override*? For instance, does Explicit add an aq_acquire method? What else? I tried sifting through the C code and the epydoc files but still couldn't make sense of it all -- it seems that Implicit and Acquirer are really the same, for instance. Answers or references would be very appreciated, thanks. Peace, George ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
[Zope-CMF] Classes whose instances appear in ZODB
If I want a class to appear in the ZODB, is that just a matter of subclassing SimpleItem? What additional attributes do I need to set -- for instance, do I need to define 'meta_type' for the class? Can a class be persistent but not have its instances appear in the ZODB -- for instance, does subclassing Persistent do this? (I want to define two classes, one of which stores instances of the other as an attribute.) Thanks; peace, George ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
Re: [Zope-CMF] Classes whose instances appear in ZODB
Instances show up in the list of objects in a container (which may be equivalent to the class showing up in the Add menu?) Peace, George On 3/8/06, Lennart Regebro [EMAIL PROTECTED] wrote: On 3/8/06, George Lee [EMAIL PROTECTED] wrote: If I want a class to appear in the ZODB, is that just a matter of subclassing SimpleItem? Define Appear? :-) Do you mean that you want it to pop up in the Add menu of the ZMI? -- Lennart Regebro, Nuxeo http://www.nuxeo.com/ CPS Content Management http://www.cps-project.org/ ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
[Zope-CMF] Solution -- Re: VIRTUAL_URL and ACTUAL_URL
A month and a half ago I wrote this list with a question about REQUEST['VIRTUAL_URL'], which Plone / CMF used to determine the 'came_from' variable on the login page. (When an anonymous user attempts to view a page that requires a login, Plone / CMF / CookieCrumbler sets 'came_from' to remember where to redirect the user after the login). In my Virtual Hosting setup, 'VIRTUAL_URL' was not being set, and 'came_from' was set incorrectly. It turns out that the error was that my hosting company had set up an enhanced VirtualHostMonster using http://www.zope.org/Members/sfm/SiteAccessEnhanced/ that makes it easier to map domains to directories. However, this product is outdated and does not set the 'VIRTUAL_URL'. Some lessons learned: (1) Even if you have a product somewhere like ~/lib/python/Products/SiteAccess, it may not be the one actually used by your instance. In my case, the updated VirtualHostMonster and SiteAccess was overridden by the customized VirtualHostMonster and SiteAccess at ~/instance1/Products/SiteAccess. This conflit also shows up in the Zope log if you take a look at it. (2) Using a python debugger is helpful! See http://plone.org/documentation/how-to/using_pdb and http://plone.org/documentation/tutorial/best-practices/debugging-plone for some on debugging in Plone. Peace, George ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
[Zope-CMF] VIRTUAL_URL and ACTUAL_URL (was Re: Collector Issues)
P.S.: Please do not reply to digest emails without changing the subject line to something useful *and* cutting the unnecessary stuff out of the quoted text. Sorry, I realized right after I replied. :-( I'd be interested in helping patch some stuff esp. Issue 393 but there's some background I don't know -- is there someone who's willing to explain some of the VIRTUAL_URL and ACTUAL_URL machinery relating to CookieCrumbler.py? + There's no machinery. Looking at the getUnauthorizedURL method in + the CookieVrumbler module you'll see a couple things very quickly: + + - ACTUAL_URL is not used at all + - VIRTUAL_URL is picked out of the REQUEST to fill the came_from + value for the login form *if* it doesn't already have a value and if + the REQUEST has a VIRTUAL_URL value. Right -- but the part that confuses me, is where do variables like came_from, ACTUAL_URL, and VIRTUAL_URL get set? Which ones get used, what items (Virtual Host Monster, Cookie Crumbler, etc.) fire in what order? What's the difference between ACTUAL_URL and VIRTUAL_URL, and are they both still used (somebody said VIRTUAL_URL isn't used)? I've tried digging some through the code but it's a little too complicated for me to figure out the big picture flow; once I have that, it'll be easier to figure out the details. Thanks; peace, George ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
[Zope-CMF] Re: Collector entries
P.S.: Please do not reply to digest emails without changing the subject line to something useful *and* cutting the unnecessary stuff out of the quoted text. Sorry, I realized right after I replied. :-( I'd be interested in helping patch some stuff esp. Issue 393 but there's some background I don't know -- is there someone who's willing to explain some of the VIRTUAL_URL and ACTUAL_URL machinery relating to CookieCrumbler.py? Peace, George ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
[Zope-CMF] Manager Proxy Role ineffective for deleting/moving objects
I forget if I submitted a collector issue about this before, but I didn't see it. I just posted one at http://www.zope.org/Collectors/CMF/396: Title: PortalFolder.py _verifyObjectPaste ignores executable security Version info: CMF 1.5.4 but also in trunk _verifyObjectPaste calls sm.checkPermission(permission_name,self) rather than _checkPermission(permission_name,self) This makes it ignore executable security. So, if _verifyObjectPaste is in an external method or in a script with sufficient proxy roles, it raises an Unauthorized error for users when the external method / proxy role security should suffice. Peace, George [originally posted this on the zope list yesterday but then discovered this list also] On 9/9/05, Dieter Maurer [EMAIL PROTECTED] wrote: George Lee wrote at 2005-9-8 23:57 -0400: ... Is it okay to just replace sm.checkPermission with _checkPermission from CMFCore.utils or is that not okay? Yes. But, please file a bug report as well. Also Dieter I noticed that Alan Runyan and you briefly discussed this issue back in 2002: http://mail.zope.org/pipermail/zope-cmf/2002-September/015350.html Any internal use should always take executable security (i.e. executable ownership and proxy roles) into account. Not doing so is a but, as things expected to be possible are not and (maybe even worse) things expected to be impossible may be possible. There may be a need for application code to check the permissions of the user with proxy roles not taken into account. E.g. a script that must use a Manager roles to do one thing but does not want to do another unless the current user has specific permissions. For this case, there also should be a method checking permissions with proxy roles not taken into account. -- Dieter ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests
[Zope-CMF] External Methods, Proxy Roles, and Executable Security
In CMFCore of CMF 1.5.4: If a low-security-clearance user calls an external method (in a workflow scripts folder) that pastes an object from a PortalFolder, he gets an error because the following line in CMFCore.PortalFolder fails: if not sm.checkPermission(DeleteObjects, parent): raise AccessControl_Unauthorized This is even the case if sm.checkPermission is changed to _checkPermission, which takes into account proxy roles. The external method does not allow proxy roles attached, so I can't just add a Manager proxy role. Because I called the pasting in an external method, I expected it to go through without security problems! Is this a right expectation / and a bug, or a wrong expectation? Peace, George [originally posted this on the zope list yesterday but then discovered this list also] On 11/18/05, George Lee [EMAIL PROTECTED] wrote: I forget if I submitted a collector issue about this before, but I didn't see it. I just posted one at http://www.zope.org/Collectors/CMF/396: Title: PortalFolder.py _verifyObjectPaste ignores executable security Version info: CMF 1.5.4 but also in trunk _verifyObjectPaste calls sm.checkPermission(permission_name,self) rather than _checkPermission(permission_name,self) This makes it ignore executable security. So, if _verifyObjectPaste is in an external method or in a script with sufficient proxy roles, it raises an Unauthorized error for users when the external method / proxy role security should suffice. On 9/9/05, Dieter Maurer [EMAIL PROTECTED] wrote: George Lee wrote at 2005-9-8 23:57 -0400: ... Is it okay to just replace sm.checkPermission with _checkPermission from CMFCore.utils or is that not okay? Yes. But, please file a bug report as well. Also Dieter I noticed that Alan Runyan and you briefly discussed this issue back in 2002: http://mail.zope.org/pipermail/zope-cmf/2002-September/015350.html Any internal use should always take executable security (i.e. executable ownership and proxy roles) into account. Not doing so is a but, as things expected to be possible are not and (maybe even worse) things expected to be impossible may be possible. There may be a need for application code to check the permissions of the user with proxy roles not taken into account. E.g. a script that must use a Manager roles to do one thing but does not want to do another unless the current user has specific permissions. For this case, there also should be a method checking permissions with proxy roles not taken into account. -- Dieter ___ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests