[Zope-dev] Security validation issue

2004-01-28 Thread Herman Geldenhuys 



I've written a Zope product that exposes a 
"MenuItem". I add a menuItem in a Zope folder, and I have no difficulty 
accessing and editing it via the ZMI. I've written an xml-rpc-like protocol 
for Zope, that basically validates the security "manually". 
 
This menuItem has an attribute called "def 
getVersion(self):" which returns an int.
 
This is the Code that prevents me from accessing 
the method in python, via my protocol:
 
if not 
AccessControl.getSecurityManager().validate(None, object, 
attributes[-1]):    
raise UnauthorisedAccessException('Unauthorised: ' + 
originalAddress)
 
object = >
  
This is the method getVersion
 
attributes[-1] = 
"getVersion" (string)
 
UnauthorisedAccessException: Unauthorised: 
menus.administration.addUser.getVersion
 
This code works for any other default Zope type, 
but not mine. Did I perhaps forgot a permission or something?
 
I can access this fine via the ZMI, but when I 
validate it this way, python just starts cursing at me.
 
Can somebody help?
 
Thanks
 
H
 
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Re: Call for testing (2.6.4 / 2.7.0)

2004-01-28 Thread Casey Duncan 
On Wed, 28 Jan 2004 13:36:31 +0100
yuppie <[EMAIL PROTECTED]> wrote:

> Hi!
> 
> 
> Brian Lloyd wrote:
> > In the meantime, it would be helpful for anyone who runs from 
> > the 2.6 or 2.7 branches in CVS to update and let us know if you 
> > have any unresolved problems.
> 
> Right now I have no time to track this down myself, but the attached
> CMF test failures seem to be related to the last Zope changes. Don't
> know if these tests need to be updated or if they reveal a bug in
> Zope.

These tests seem pretty naive. I don't thing user objects promise to
compare to one another in any way. Looks to me like the tests should be
changed to something like:

self.failUnless(f.getOwner() is ownership)

-Casey

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: Call for testing (2.6.4 / 2.7.0)

2004-01-28 Thread yuppie 
Hi!

Brian Lloyd wrote:
In the meantime, it would be helpful for anyone who runs from 
the 2.6 or 2.7 branches in CVS to update and let us know if you 
have any unresolved problems.
Right now I have no time to track this down myself, but the attached CMF 
test failures seem to be related to the last Zope changes. Don't know if 
these tests need to be updated or if they reveal a bug in Zope.

Cheers,
Yuppie


==
FAIL: test_createMemberArea 
(Products.CMFCore.tests.test_MembershipTool.MembershipToolSecurityTests)
--
Traceback (most recent call last):
  File 
"/usr/local/lib/Zope-2.7/Products/CMFCore/tests/test_MembershipTool.py", 
line 82, in test_createMemberArea
self.assertEqual( f.getOwner(), ownership )
  File "/usr/lib/python2.3/unittest.py", line 302, in failUnlessEqual
raise self.failureException, \
AssertionError:  != 

==
FAIL: test_constructContent 
(Products.CMFCore.tests.test_TypesTool.TypesToolTests)
--
Traceback (most recent call last):
  File 
"/usr/local/lib/Zope-2.7/Products/CMFCore/tests/test_TypesTool.py", line 
125, in test_constructContent
self.assertEqual( f.getOwner(), acl_users.user_foo )
  File "/usr/lib/python2.3/unittest.py", line 302, in failUnlessEqual
raise self.failureException, \
AssertionError:  != 

==
FAIL: test_createMemberArea 
(Products.CMFDefault.tests.test_MembershipTool.MembershipToolSecurityTests)
--
Traceback (most recent call last):
  File 
"/usr/local/lib/Zope-2.7/Products/CMFDefault/tests/test_MembershipTool.py", 
line 88, in test_createMemberArea
self.assertEqual( f.getOwner(), ownership )
  File "/usr/lib/python2.3/unittest.py", line 302, in failUnlessEqual
raise self.failureException, \
AssertionError:  != 

--
Ran 366 tests in 8.800s
FAILED (failures=3)

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] Call for testing (2.6.4 / 2.7.0)

2004-01-28 Thread robert 
Bingo,
I tested with 2.7 and things work again.
thanks for your efforts.
Robert
On Tuesday 27 January 2004 22:08, Brian Lloyd wrote:
> Hi all -
>
> Tres and I have been working to merge some final fixes, and
> I'd like to be able to make rc2 releases for 2.6.4 and 2.7.0
> tomorrow.
>
> In the meantime, it would be helpful for anyone who runs from
> the 2.6 or 2.7 branches in CVS to update and let us know if you
> have any unresolved problems.
>
> It would be especially helpful for those who were having
> trouble with things like workflow scripts under the rc1
> releases to give this a shot and let us know if the trouble
> is resolved.
>
> **Note that you need to rebuild the C extensions, due to a
>   fix to cAccessControl. Be sure to do this before reporting
>   any lingering issues!**
>
> Thanks,
>
>
> Brian Lloyd[EMAIL PROTECTED]
> V.P. Engineering   540.361.1716
> Zope Corporation   http://www.zope.com
>
>
> ___
> Zope-Dev maillist  -  [EMAIL PROTECTED]
> http://mail.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope )


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )