Re: [Zope-dev] LoginManager.
Terje Malmedal wrote: > > Can anybody please provide a simple example of a working usersource > written in python? Look at the UserSource source for LoginManager and Membership. -- Do not meddle in the affairs of sysadmins, for they are easy to annoy, and have the root password. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] ZServer logging bug (was: Fighting with ZServer)
Dieter Maurer writes: > Since this afternoon, I am fighting with ZServer. > > > At home: Zope 2.1.6, Intel Linux 2, Linux Netscape 4.5 > > All images are always shown correctly. > However, there is no log entry in "var/Z2.log" for > about 50 % of the requests that are answered by > a 304 response. It is non-deterministic whether > a log entry is written or not. This is partially analysed: ZServer looses log entries, when its client closes the connection too fast. On my linux machine, ZServer looses all log entries, when it answers requests with code 304 to a local httplib client that immediately deletes the reply after "getreply". ZServer uses a "producers.hooked_producer" for logging. Such a producer calls its hook function when the primary producer runs out of data. The hook function performs the logging. When the client closes its socket immediately, then, probably, not all data of the producer is consumed and the hook function is not called --> no log entry. The problem occurs in Zope 2.1.6 and Zope 2.2.1b1 (CVS 2000-8-19). Apparently, the problem is not restricted to code 304. Requests answered with code 404 (not found) seem to be affected, too. Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Fighting with ZServer
Since this afternoon, I am fighting with ZServer. Currently, it seems Zserver is winning I do not understand, what I see... At work: Zope 2.1.6, Sparc Solaris 2.7, Linux Netscape 4.51 Sometimes, images are not shown by Netscape (broken image). No "simple" reload is able to change this, however a "forced" reload lets Netscape show the image correctly. From then on, the image is always shown correctly: by "simple" reload, "forced" reload or directly (served from cache). The strange thing, inside "Image.index_html" the failing "simple" reload and the succeeding "forced" reload look completely identical. At home: Zope 2.1.6, Intel Linux 2, Linux Netscape 4.5 All images are always shown correctly. However, there is no log entry in "var/Z2.log" for about 50 % of the requests that are answered by a 304 response. It is non-deterministic whether a log entry is written or not. Did you ever see something like this? Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] Re: __ac_permissions__ question
> > Assertions made on a method in a subclass override the > assertions made > > in the base class. > > Okay, Posting has the following list of methods for the 'view' > permission: > ['date_posted','body_len','date_created','time_created','attac > hment','thread_path','index_html','showBody', > > 'desc_items','dupString','striptags','tpId','tpURL','this','ha > s_items','thread','title','author','body', > 'email','subject'] > > Now, what I want to do is add the following methods to this > list for the > Article class which subclasses Posting: > ['prev_item','next_item','showSummary','desc_items'] > > How do I do that? class Article(Posting): __ac_permissions__ = ( ('View', ('prev_item','next_item','showSummary','desc_items'), ('Anonymous', 'Manager')), ) It may be helpful to think of it this way: - the class that defines an attribute/method is responsible for protecting it (declaring it in a permission or with other security assertions) - a class doesn't have to worry about assertions made by its base classes (the base classes will have worried about the attrs they defined) - any class that defines security info must be initialized with default__class_init__ for the right thing to happen. Note that the only time you really have to care about what your base classes did is if you need to redefine the permission used cover an inherited attribute. For ex: class Posting: # doAction_A is under view permission __ac_permissions__ = ( ('View', ('doAction_A',), ('Anonymous', 'Manager')), ) def doAction_A(self): ... class Article(Posting): # For Articles, I want doAction_A to be under the 'Spam' # permission. __ac_permissions__ = ( ('View', ('doAction_B',), ('Anonymous', 'Manager')), ('Spam', ('doAction_A',), ('Anonymous', 'Manager')), ) Hope this helps! Brian Lloyd[EMAIL PROTECTED] Software Engineer 540.371.6909 Digital Creations http://www.digicool.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Squishdot and Zope 2.2
Chris Withers wrote: > > Shane Hathaway wrote: > > > How do I do that? > > > > class Article: > > > > __ac_permissions__ = ( > > ('View', ('prev_item', 'next_item', 'showSummary', 'desc_items')), > > ) > > > > ... etc ... > > > > Globals.default__class_init__(Article) > > Okay, I've changed it to that now :-) > > > BTW did getSubject() solve your other problem? > > I don't think I got that bit ;-) Add a getSubject() method which simply returns the subject, that way you can protect getSubject() without any question of future portability. > The subject issue was solved by mixing RoleManager into posting. > Does everything have to have RoleManager mixed in now? :S Hmm, that worked huh? :-/ > Then there was the thread[0] intSet issue which was solved with a hacky > getThread() method. > *grumble* *grumble* why aren't intSet's done properly?! Hopefully you got the mail I sent to Brian and CC'd to you. The response is that we need to find a proper solution to the mutability problem rather than open up intSet and BTree to an attack. Actually, in terms of OO purity, using a getThread() method is much better, so what you did is *not* a hack. :-) Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Squishdot and Zope 2.2
Shane Hathaway wrote: > > How do I do that? > > class Article: > > __ac_permissions__ = ( > ('View', ('prev_item', 'next_item', 'showSummary', 'desc_items')), > ) > > ... etc ... > > Globals.default__class_init__(Article) Okay, I've changed it to that now :-) > BTW did getSubject() solve your other problem? I don't think I got that bit ;-) The subject issue was solved by mixing RoleManager into posting. Does everything have to have RoleManager mixed in now? :S Then there was the thread[0] intSet issue which was solved with a hacky getThread() method. *grumble* *grumble* why aren't intSet's done properly?! cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] attribute protection question
> Hmmm. Hence the problem with properties that meant OFS.Item.SimpleItem > had to have __allow_access_to_unprotected_subobjects__=1? > > Can you not just assign roles to properties as they're created or am I > missing something else? That's one way to do it - but it will require some thought to make sure we do it right. Having the "=1" assertion is a short-term solution intended to avoid breaking everyone's code for 2.2 while taking a step on the road to changing the default policy. I expect that it will soon make a distinction between properties and attributes that are not properties, which will be the next step on the road. I'd like to see this for 2.3, but I don't promise specific features for particular release numbers anymore :) I do want it to be Soon. My hope is that we'll release a 2.x beta where: o far less things are available via the __allow_... hack o product authors and app builders will have auth problems because they're using attrs formerly covered by the hack o the new security assertion spelling from dev.zope.org will be available and make it much easier for people to go in and protect the problem attrs correctly :) o most if not all of the Zope core will be using the new assertion style, which will help the product authors along with the "guide" to making security assertions that will be a deliverable of that dev.zope.org project o we'll be one more step closer to where we want to be Brian Lloyd[EMAIL PROTECTED] Software Engineer 540.371.6909 Digital Creations http://www.digicool.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: __ac_permissions__ question
Chris Withers wrote: > Okay, Posting has the following list of methods for the 'view' > permission: > >['date_posted','body_len','date_created','time_created','attachment','thread_path','index_html','showBody', > > >'desc_items','dupString','striptags','tpId','tpURL','this','has_items','thread','title','author','body', > 'email','subject'] > > Now, what I want to do is add the following methods to this list for the > Article class which subclasses Posting: > ['prev_item','next_item','showSummary','desc_items'] > > How do I do that? class Article: __ac_permissions__ = ( ('View', ('prev_item', 'next_item', 'showSummary', 'desc_items')), ) ... etc ... Globals.default__class_init__(Article) This should work as expected. Security assertions are inherited except when overridden. BTW did getSubject() solve your other problem? I'm not sure irc is going to work again. "irc.openprojects.net" seems to be too busy. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: intSet and the new security model: solved with hack :(
Chris Withers wrote: > > Squishdot uses an intSet called 'thread' to store some information. > > Items in this intSet are used in several DTML methods, for example: > > > > > >/index_html#">Return to main thread > > > > Now, in Zope 2.2 this throws an unauthorized error as show in the PS. I've solved this now by adding a method to SquishSite: def getThread(self, index): """A nasty hack since intSet's became protected in Zope 2.2.0""" return self.thread[index] This is nasty 'cos it means everyone with old Squish Sites will haveto change them :( Anyone got anything better? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] intSet and the new security model: solved with hack :(
Chris Withers wrote: > Squishdot uses an intSet called 'thread' to store some information. > Items in this intSet are used in several DTML methods, for example: > > >/index_html#">Return to main thread > > Now, in Zope 2.2 this throws an unauthorized error as show in the PS. I'ev solved this ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] intSet and the new security model
Hi, Squishdot uses an intSet called 'thread' to store some information. Items in this intSet are used in several DTML methods, for example: /index_html#">Return to main thread Now, in Zope 2.2 this throws an unauthorized error as show in the PS. How can I make this go away in a non-hacky fashion? cheers, Chris PS: ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] aq_inContextOf/can anyone explain this zmonitor log?
On Mon, 21 Aug 2000 16:03:38 +0200, Bob Pepin <[EMAIL PROTECTED]> wrote: Yeah, this is a good one. Theres some debate in the Collector about whether this is actually a bug or not. In short, aq_inContextOf checks for nested aquisition contexts. It does *not* check for nested objects. It will return zero if you pass it parallel acquisition contexts, even if the objects are indeed nested. iee=app.iee >iee=app.iee iee.doc1.aq_inContextOf(iee) >iee.doc1.aq_inContextOf(iee) >1 This was what you expected iee.doc1.aq_inContextOf(app.iee) >iee.doc1.aq_inContextOf(app.iee) >0 Here the acquisition wrappers `iee` and `app.iee` are distinct objects. Here is the full story, and a patch to get it to work the other way. http://classic.zope.org:8080/Collector/1066/view (This patch used to work, but ive not used it since it was submitted) Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: __ac_permissions__ question
Shane Hathaway wrote: > > __ac_permissions__ = Posting.__ac_permissions__ + ( > > ('View', ['prev_item','next_item','showSummary','desc_items'], > > ('Anonymous', 'Manager')), > > ) > > You don't need to concatenate the permissions of the base classes. > default__class_init__ will pick them up. Now that I've got it in there ;-) > > and Posting.__ac_permissions__ also defines a 'View' permission, which > > methods are covered? > > Assertions made on a method in a subclass override the assertions made > in the base class. Okay, Posting has the following list of methods for the 'view' permission: ['date_posted','body_len','date_created','time_created','attachment','thread_path','index_html','showBody', 'desc_items','dupString','striptags','tpId','tpURL','this','has_items','thread','title','author','body', 'email','subject'] Now, what I want to do is add the following methods to this list for the Article class which subclasses Posting: ['prev_item','next_item','showSummary','desc_items'] How do I do that? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: __ac_permissions__ question
Chris Withers wrote: > > If I define the following in an Article class (which subclasses > Posting): > > __ac_permissions__ = Posting.__ac_permissions__ + ( > ('View', ['prev_item','next_item','showSummary','desc_items'], > ('Anonymous', 'Manager')), > ) You don't need to concatenate the permissions of the base classes. default__class_init__ will pick them up. > > and Posting.__ac_permissions__ also defines a 'View' permission, which > methods are covered? Assertions made on a method in a subclass override the assertions made in the base class. I hope that's clear enough... Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] __ac_permissions__ question
If I define the following in an Article class (which subclasses Posting): __ac_permissions__ = Posting.__ac_permissions__ + ( ('View', ['prev_item','next_item','showSummary','desc_items'], ('Anonymous', 'Manager')), ) and Posting.__ac_permissions__ also defines a 'View' permission, which methods are covered? (the ones from Posting, the ones from Article or (hopefully) the union of the two sets of methods) cheers, Chris PS: If it's nto the union, how can I achieve this effect? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] attribute protection question
Brian Lloyd wrote: > > > In the new security model is it just attributes that are methods that > > are protected or is it all attributes? > > All attributes - methods just happen to be the most common > case. Ah, okay, that makes life interesting :S (although it does make more sense than just protecting methods ;-) > > Now, would I need body__roles__=None or somethign similar to > > be able to > > do: > > > > Yes, or (better) associate the name of the attribute with > a permission. Hmmm. Hence the problem with properties that meant OFS.Item.SimpleItem had to have __allow_access_to_unprotected_subobjects__=1? Can you not just assign roles to properties as they're created or am I missing something else? Well, related to this: Is there any way I can find out what attribute is trying to be accessed that is raising an exception? I feel like I'm trying to find a needle in a haystack converting Squishdot and I don't want to just wimp out and put __allow_access_to_unprotected_subobjects__=1 in all the classes :S Any ideas? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] aq_inContextOf/can anyone explain this zmonitor log?
Hi, I just experienced some very weird behaviour from aq_inContextOf while I was trying to get Cut and Paste to work (I had to trace to the whole security stuff to do this, and read the C source for the acquisition stuff the figure out what aq_inContextOf does of course... thanks for having such a great, consistent, mature and well-documented design Zope-guys...) oh, btw, Copy & Paste seems to work only for objects that have their User Source at the / level because of the behaviour of inContextOf. well, here's the log: Python 1.5.2 (#5, Aug 10 2000, 15:45:20) [GCC 2.95.2 19991024 (release)] Copyright 1991-1995 Stichting Mathematisch Centrum, Amsterdam Welcome to >>> import Zope import Zope >>> app=Zope.app() app=Zope.app() >>> iee=app.iee iee=app.iee >>> doc1=app.iee.doc1 doc1=app.iee.doc1 >>> doc1.aq_inContextOf(iee) doc1.aq_inContextOf(iee) 0 >>> doc1.aq_inContextOf(app) doc1.aq_inContextOf(app) 1 >>> doc1.aq_inContextOf(app.iee) doc1.aq_inContextOf(app.iee) 0 >>> iee.doc1.aq_inContextOf(app.iee) iee.doc1.aq_inContextOf(app.iee) 0 >>> iee.doc1.aq_inContextOf(iee) iee.doc1.aq_inContextOf(iee) 1 >>> app.iee.doc1.aq_inContextOf(iee) app.iee.doc1.aq_inContextOf(iee) 0 >>> app.iee.doc1.aq_inContextOf(app.iee) app.iee.doc1.aq_inContextOf(app.iee) 0 >>> doc1.aq_inContextOf(iee) doc1.aq_inContextOf(iee) 0 >>> doc1=iee.doc1 doc1=iee.doc1 >>> doc1.aq_inContextOf(iee) doc1.aq_inContextOf(iee) 1 >>> doc1.aq_inContextOf(app.iee) doc1.aq_inContextOf(app.iee) 0 >>> doc1=app.iee.doc1 doc1=app.iee.doc1 >>> doc1.aq_inContextOf(app.iee) doc1.aq_inContextOf(app.iee) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Squish
...it was named appropriately ;-) Right, this would probably be easier if you have a background knowledge of Confera/Squishdot code, anyway... there's two classes, SquishSite and Posting. They don't inherit from each other, but postings are always contained in a SquishSite and eveything is Acquisition.Implicit-inheriting. Right, there's a whole host of methods: def postingValues(self): def tpId(self): def tpURL(self): def this(self): return self def has_items(self): def desc_items(self): ...that are implemented identically. So I thought 'why?' Why can't they just be implemented in the SquishSite class and acquired by the postings? So I commented them out... bad move :( Things that used desc_items, and a dtml-tree that used postingValues suddenly started producing infinite recusion errors and other weirdness. I think, instead of returning the children like postingValues is supposed to, it just returned the children of the Site object instead. very strange. Can you help explain? (it seemed to me like the method was being acquired alright, but the 'self' being used was that of the object the method was acquired from rather than object the method was being called on) The code for the two methods of any substance (the rest are just things like 'return self' and 'return self.id') is shown below. cheers, Chris # protected by 'View' permission def desc_items(self): # """ return latest list of replies """ mlist = [] mstack = Stack() if self.has_items(): plist = [] for id in self.ids: plist.append(id) plist.reverse() for id in plist: mstack.push(id) while not mstack.isEmpty(): item_id = mstack.pop() item = self.data[item_id] mlist.append(item) if item.has_items(): plist = [] for id in item.ids: plist.append(id) plist.reverse() for id in plist: mstack.push(id) return map((lambda x, p=self: x.__of__(p)), mlist) # protected by 'Manage Postings' permission def postingValues(self): # """ return all replies """ return map(lambda x, p=self: x.__of__(p), self.data.map(self.ids)) self.data is an IOBtree in the SquishSite object. self.ids is an intSet in the SquishSite object. (I think both are acquired by Posting objects) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] attribute protection question
> In the new security model is it just attributes that are methods that > are protected or is it all attributes? All attributes - methods just happen to be the most common case. > Now, would I need body__roles__=None or somethign similar to > be able to > do: > Yes, or (better) associate the name of the attribute with a permission. Brian Lloyd[EMAIL PROTECTED] Software Engineer 540.371.6909 Digital Creations http://www.digicool.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Unauthorized head hurting :(
Is there any way you can find out what, exactly (ie a traceback ;-) is causing an unauthorized error? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods with no __roles__ defined no always protected?
Toby Dickenson wrote: > Firstly, I assume your management page is a dtml file on disk, not a > dtml object stored in the ZODB. dtml files bypass *all* security > checks. That's nice :( > Secondly, all objects that inherit from OFS.Item.SimpleItem (that is, > almost all high level objects) have the > __allow_access_to_unprotected_subobjects__ flag set. Your method would > be callable from through-the-web dtml too. Even though it now has a permission attached to it? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Methods with no __roles__ defined no always protected?
On Mon, 21 Aug 2000 12:15:24 +0100, Chris Withers <[EMAIL PROTECTED]> wrote: >The SquishSite class has a method called item_count() which is used on >one of the management pages. It currently isn't protected by any >permissions or __roles__ and yet it still works fine on the management >screen concerned. > >I thought this sort of thing was supposed to throw up an unauthorized >error in 2.2? No, for two reasons: Firstly, I assume your management page is a dtml file on disk, not a dtml object stored in the ZODB. dtml files bypass *all* security checks. Secondly, all objects that inherit from OFS.Item.SimpleItem (that is, almost all high level objects) have the __allow_access_to_unprotected_subobjects__ flag set. Your method would be callable from through-the-web dtml too. The basic rules of Zope security are fairly easy; its the exceptions that cause the problems. Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] zpatterns: how to invalidate the attributecache?
"Phillip J. Eby" wrote: > I don't see a need for a mass invalidation operation, just more > documentation on these inner workings. :) or the lack of an attribute depencies mechanism :-) if attribute x depends on attribute y from another generic attribute provider, invalidation of y doesn't make y to be recomputed. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] attribute protection question
In the new security model is it just attributes that are methods that are protected or is it all attributes? For example, I have a lump of text in an Article class which is stored in self.body. Now, would I need body__roles__=None or somethign similar to be able to do: ? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] acquired methods and permissions
More questions from 2.2'ing Squishdot ;-) If a method is acquired by an object, does it use any permissions defined for that method in the object it's acquired from, or do you have to specify the permissions in the acquiring object as well? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Methods with no __roles__ defined no always protected?
Hi, Just doing Squishdot for 2.2 when I noticed the following: The SquishSite class has a method called item_count() which is used on one of the management pages. It currently isn't protected by any permissions or __roles__ and yet it still works fine on the management screen concerned. I thought this sort of thing was supposed to throw up an unauthorized error in 2.2? cheers, Chris PS: It is now protected by a permission, but I can send anyone who cares a version which isn't... ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] Looping through a folder's contents...
+---[ [EMAIL PROTECTED] ]-- | What would the "Recurse_Subfolder" method do? | | > | > | > | > That *is* Recruse_Subfolder :-) -- Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew Milton The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 | ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon PO Box 837 Indooroopilly QLD 4068|[EMAIL PROTECTED]| ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Zope] Looping through a folder's contents...
What would the "Recurse_Subfolder" method do? On Mon, Aug 21, 2000 at 04:12:05PM +1000, Andrew Kenneth Milton wrote: > +---[ [EMAIL PROTECTED] ]-- > | I would like to loop through the contents of a folder, and the > | contents of the subfolders of that folder. I know I can do this to a > | singular level by doing something like: > | > | > | > | > | > | Should give me a list of the titles of all the subfolders of the > | folder called "subfolder". So, once I get there, how do I loop > | through the subobjects of each of those folders? > | > | In other words, I have a subfolder inside of the folder called > | "subfolder" and I want to see the contents of that folder. How do I > | do it? > > I'll give you the general case for 'all' folders:- > > Make a Method... Recurse_SubFolder. > > > > > > > > > > > You can obviously expand this to also take a 'type' for objectValues, > and pass the namespace etc. > -- A homeowner's reach should exceed his grasp, or what's a weekend for? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )