Re: [Zope-dev] Trying to understand the nuances of a VerboseSecurityreport ..
Hi Shane, Toby ..
Set Tardis for
http://mail.zope.org/pipermail/zope-dev/2003-February/018837.html
All I can think is that that object 'basic' lacks context for
some reason (i.e. lacks an acquisition wrapper?). I can't think
why it lacks context .. we use that idiom all over the app, and
don't normally get any problems.
That's all I can think of also. Try examining basic.aq_chain.
It looks like bad interaction with ZUnit:
(Pdb) license.propertysheets.basic
ZInstanceSheet instance at 9a6f350
(Pdb) license.propertysheets.basic.aq_chain
[ZInstanceSheet instance at 9a6f350, License_PropertySheetsClass
instance at 9a6f128, License instance at 9e19038, Specialist
instance at 99ae6d8, Specialist instance at 996acd0, Folder instance
at 9cad3b0, *** AttributeError: testsRun
'testsRun' is an attribute that is set in ZUnit.TestMonitor
I'm poking about in ZUnit now .. benightedly ..
Here is the code context in which the above obtains::
# Create a new reminder and reference it from the License
reminder = container.addInstance(no_redir=1)
import pdb; pdb.set_trace() #DBG We are here. This fails:
license.propertysheets.basic.manage_changeProperties(
{reminder_id_property: reminder.id})
That is in a Script (Python). The 'license' instance was
created in the calling Script (Python), and passed in as parameter.
Calling sequence:
addLicenses (called from a ZUnitExternal test suite) -
addLicense (creates license instance) -
doRemindersForLicense(license) (creates reminder instance;
calls license.propertysheets.basic.manage_changeProperties)
Perhaps interestingly, reminder and AUTHENTICATED_USER seem to be
OK, and license and context do not:
(Pdb) reminder.aq_chain
[Reminder instance at 9c39bb0, Specialist instance at 99682a0,
Application instance at 9968a48, RequestContainer instance at 8fd9e68]
(Pdb) license.aq_chain
[License instance at 9e19038, Specialist instance at 99ae6d8,
Specialist instance at 996acd0, Folder instance at 9cad3b0, ***
AttributeError: testsRun
(Pdb) context.aq_chain
[Specialist instance at 99682a0, Specialist instance at 99ae6d8,
Specialist instance at 996acd0, Folder instance at 9cad3b0, ***
AttributeError: testsRun
(Pdb) context.REQUEST.AUTHENTICATED_USER.aq_chain
[jean, LoginManager instance at 996f588, Application instance at
9968a48, RequestContainer instance at 8fd9e68]
--
Jean Jordaan
http://www.upfrontsystems.co.za
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Trying to understand the nuances of a VerboseSecurityreport ..
In case it's relevant, the Folder at the bottom of the aq_chain
for license is a ZUnit temporary folder:
(116)doRemindersForLicense()
(Pdb) license.aq_chain
[License instance at 9cca368, Specialist instance at 9aef630,
Specialist instance at 98313c8, Folder instance at 9cb9468, ***
AttributeError: testsRun
(Pdb) license.aq_chain[3].__dict__
{'title': '', 'id':
'00022_Products.CremeTests.LicenseTests.LicenseTests.testAddFekoDongleLicense',
'__ac_local_roles__': {'jean': ['Owner']}}
The two Specialists are just part of our app:
Zope root/Licenses/LicenseDocs
--
Jean Jordaan
http://www.upfrontsystems.co.za
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Declaring Dependencies for XML documents (Was: How To Improve Cache Coherency for RAM/Disk Cache Manager...?)
Craeg K Strong wrote: I hate it when I surf to a less-highly-used portion of a website and have to wait 30 seconds for the page to render. Sure, we all do. One possibility is to add the ability to *declare* dependencies. [snip] Such an object could have an explicit listing of the objects on which it depends, and invalidate the cache appropriately whenever any of the dependent objects changed. Unfortunately enumerating the dependencies of a document won't help with the aforementioned first-time-rendering delay. Prefetching can, not that I'm advocating it, I offer that only as an observation. That said I don't think a dependancy based caching strategy is a bad idea. It could obviate the need for time-based cache expiration in some circumstances. In the long run, it all depends on your usage patterns as to whether it would pay off or not. -- Jamie Heilman http://audible.transient.net/~jamie/ Most people wouldn't know music if it came up and bit them on the ass. -Frank Zappa ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Prevayler and Object Prevalence
John Ziniti wrote: Any ZODB developers read this article at /. and the accompanying one at developerWorks? Would anyone care to comment about the relevance/comparisons of prevalence to the concepts of persistence used in ZODB and/or ZEO? http://developers.slashdot.org/article.pl?sid=03/03/03/1220222mode=nestedtid=156threshold=1 It seems to be a way to simplify and speed up object persistence when you don't actually have an object database. Zope does, and thus fixed the problem The Right Way (tm) instead. :) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Trying to understand the nuances of a VerboseSecurityreport ..
Jean Jordaan wrote: Hi Shane, Toby .. Set Tardis for http://mail.zope.org/pipermail/zope-dev/2003-February/018837.html All I can think is that that object 'basic' lacks context for some reason (i.e. lacks an acquisition wrapper?). I can't think why it lacks context .. we use that idiom all over the app, and don't normally get any problems. That's all I can think of also. Try examining basic.aq_chain. It looks like bad interaction with ZUnit: (Pdb) license.propertysheets.basic ZInstanceSheet instance at 9a6f350 (Pdb) license.propertysheets.basic.aq_chain [ZInstanceSheet instance at 9a6f350, License_PropertySheetsClass instance at 9a6f128, License instance at 9e19038, Specialist instance at 99ae6d8, Specialist instance at 996acd0, Folder instance at 9cad3b0, *** AttributeError: testsRun That AttributeError is awfully strange, but it does explain the lack of context. The chain needs to go all the way to the application and request container. Notice that the closing square bracket is not present, and something printed three asterisks. I don't know what code would do that... perhaps Python 1.5.2? Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Trying to understand the nuances of a VerboseSecurityreport ..
Notice that the closing square bracket is not present, and something printed three asterisks. Myeah, 'grep -r \*\*\* *' in the Zope 2.5.1 source and instance Products directories doesn't turn up any AttributeError line .. I don't know what code would do that... perhaps Python 1.5.2? It's running: python2.1 -V Python 2.1.3 [EMAIL PROTECTED] creme.jean-ZopeTestCase-branch $ cat start #! /bin/sh PYTHON=/usr/bin/python2.1 ZOPE_BASE=/usr/local/zope/2-5-1 ZOPE_SECURITY_POLICY=PYTHON reldir=`dirname $0` INSTANCE_HOME=`cd $reldir; pwd` export INSTANCE_HOME ZOPE_SECURITY_POLICY exec $PYTHON $ZOPE_BASE/z2.py \ -D -X -w 17085 -W 17805 \ -u jean $INSTANCE_HOME/var/z2.log 21 -- Jean Jordaan http://www.upfrontsystems.co.za ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Declaring Dependencies for XML documents (Was: HowTo Improve Cache Coherency for RAM/Disk Cache Manager...?)
Anyway, after talking this over with my colleague, I realize that the problem of *deriving* dependencies is fundamentally undecidable. We might be able to figure it out in the case of simple acquisition, like span tal:replace=here/aObject/aMethod/ But it is hopeless for pure python: span tal:replace=python:I-can-do-anything-and-you-cant-stop-me(REQUEST)/ :) Well you could, in theory, hook every object as CallProfiler does and then you would know for each request what object was called and Cache it. You could even do something really clever like using CallProfiler automatically cache objects that took longer than a certain amount of time... But there are more issues with that than there are days in a year and you could be writing that code forever, letting the user figure it out manually is an easier choice. Cheers. -- Andy McKay ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Declaring Dependencies for XML documents (Was: HowToImprove Cache Coherency for RAM/Disk Cache Manager...?)
Andy McKay wrote: Anyway, after talking this over with my colleague, I realize that the problem of *deriving* dependencies is fundamentally undecidable. We might be able to figure it out in the case of simple acquisition, like span tal:replace=here/aObject/aMethod/ But it is hopeless for pure python: span tal:replace=python:I-can-do-anything-and-you-cant-stop-me(REQUEST)/ :) Well you could, in theory, hook every object as CallProfiler does and then you would know for each request what object was called and Cache it. You could even do something really clever like using CallProfiler automatically cache objects that took longer than a certain amount of time... But there are more issues with that than there are days in a year and you could be writing that code forever, letting the user figure it out manually is an easier choice. Ah, but you might have something there. What if there were a cache manager that simply dropped its contents whenever anything changes in ZODB? You could associate nearly all scripts and templates with that cache manager without any fear of stale cache entries. For many sites, it could be an instant win. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] LOTS of roles?
On Tue, Feb 25, 2003 at 06:33:16PM +, Florent Guillaume wrote: Leonardo Rochael Almeida [EMAIL PROTECTED] wrote: So I think you need dynamically calculated local roles. This can be achieved by a user folder that returns a user object that overrides .getRolesInContext(object) to take the location (or any other attribute, such as an acquired site) of object and check it against your central authorization source (eg. LDAP). Note that you'll also want to change validate() if you go that route. It has a short-circuited version of getRolesInContext in it. I'm now looking into doing this... and i haven't found what you mean. there are a bunch of validates() in various modules in AccessControl, which are you talking about? ]$ grep def validate( * 2 /dev/null AuthEncoding.py:def validate(reference, attempt): AuthEncoding.py:def validate(self, reference, attempt): AuthEncoding.py:def validate(self, reference, attempt): AuthEncoding.py:def validate(self, reference, attempt): SecurityManager.py:def validate(self, accessed=None, container=None, name=None, value=None, User.py:def validate(self, request, auth='', roles=_noroles): User.py:def validate(self, request, auth='', roles=_noroles): ZopeSecurityPolicy.py:def validate(self, accessed, container, name, value, context, cAccessControl.c: /*| def validate(self, accessed, container, name, value, context are you sure it's not BasicUser.allowed() that you mean? there's a comment in there about checking roles manaully rather than with getRolesInContext... -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Declaring Dependencies for XML documents (Was: HowTo Improve Cache Coherency for RAM/Disk Cache Manager...?)
On Tue, Mar 04, 2003 at 02:32:31PM -0500, Shane Hathaway wrote: Ah, but you might have something there. What if there were a cache manager that simply dropped its contents whenever anything changes in ZODB? You could associate nearly all scripts and templates with that cache manager without any fear of stale cache entries. For many sites, it could be an instant win. interesting idea. there's certainly plenty of sites, though, where the cache would get invalidated so often that the cache would be of limited value. e.g. a busy squishdot-type site, or many CMF sites. and on those kind of sites, the busiest times are when you most need the cacheing... but the simplicity is certainly appealing... and in my case, i have a CMF site where this would likely be quite useful since the public never logs in, only our content management team, and we tend to make changes on dev servers and push them to production in a big bunch. -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Vote] PEP308 voting began
Attention: cross post PEP308 is concerned with the introduction of a ternary conditional operator (something like an if cond: val_true else: val_false) into Zope. In my view, such an operator would make TALES expressions easier because we could get rid of the and/or hack to represent conditionals and we could forget about the test function, which evaluates too eagerly. Please have a look at PEP308 and consider voting. Details in comp.lang.python.announce. Dieter IMO TALES should solve this for itself by introducing an if/then/else expression form rather than depending on Python. If you can have a not:.. expression, surely you can have an if:..:then:..:else:.. expression. --Guido van Rossum (home page: http://www.python.org/~guido/) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Vote] PEP308 voting began
Guido van Rossum wrote: IMO TALES should solve this for itself by introducing an if/then/else expression form rather than depending on Python. If you can have a not:.. expression, surely you can have an if:..:then:..:else:.. expression. --Guido van Rossum (home page: http://www.python.org/~guido/) Yes, I'd be interested in seeing some kind of expression superset operator in TALES such that you could use some boolean logic in expressions which had subexpressions of different types (ie path expressions vs python expressions). Currently the punt is to go out to Python for any logic other than the path expression OR syntax. e.g. tal:define=variable tales: path: path_component | string: foo An inline if/else might be C like tal:define=variable tales: local_var ? path: path_componenta : string: foo where tales: is simply whatever the meta-expression handler name is. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: [Vote] PEP308 voting began
Guido van Rossum wrote:
IMO TALES should solve this for itself by introducing an if/then/else
expression form rather than depending on Python. If you can have a
not:.. expression, surely you can have an if:..:then:..:else:..
expression.
Now that you point it out, it's not even hard. Here's a
proof-of-concept, with really awful parsing (it obviously breaks on
nested if: then: else:), that actually works:
class IfExpr:
def __init__(self, name, expr, compiler):
self._s = expr = expr.lstrip()
m = re.match('(.*) then:(.*) else:(.*)', expr)
if m is not None:
condexpr, thenexpr, elseexpr = m.groups()
self._cond = compiler.compile(condexpr)
self._then = compiler.compile(thenexpr)
self._else = compiler.compile(elseexpr)
def __call__(self, econtext):
if econtext.evaluateBoolean(self._cond):
return econtext.evaluate(self._then)
return econtext.evaluate(self._else)
(Tested with
div tal:replace=if:options/x then:string:yes else:string:no)
Is this worth a robust implementation, ZPT folks?
Cheers,
Evan @ 4-am
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: [Vote] PEP308 voting began
On Tue, Mar 04, 2003 at 03:21:57PM -0600, Evan Simpson wrote: Is this worth a robust implementation, ZPT folks? maybe, but i'd rather first wait and see how the PEP goes. it would suck to have to constantly deal with two totally different flavors of ternary. -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] [Vote] PEP308 voting began
Attention: cross post PEP308 is concerned with the introduction of a ternary conditional operator (something like an if cond: val_true else: val_false) into Zope. In my view, such an operator would make TALES expressions easier because we could get rid of the and/or hack to represent conditionals and we could forget about the test function, which evaluates too eagerly. Please have a look at PEP308 and consider voting. Details in comp.lang.python.announce. Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
